Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1959 — Off-by-one Error in Irssi

CWE-189 CWE-193 — Off-by-one Error CWE-295 — Improper Certificate Validation10 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

6.9%

top 8.56%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Irssi Debian Irssi

Timeline

PublishedJun 8

Latest updateMay 2

Description

Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/irssi< irssi 0.8.13-2 (bookworm)

▶Debianirssi/irssi< 0.8.13-2+3

▶NVDirssi/irssi0.8.13

🔴Vulnerability Details

GHSA

GHSA-2v73-9rwq-75qc: Off-by-one error in the event_wallops function in fe-common/irc/fe-events↗2022-05-02

▶

OSV

CVE-2009-1959: Off-by-one error in the event_wallops function in fe-common/irc/fe-events↗2009-06-08

▶

💥Exploits & PoCs

Exploit-DB

Irssi 0.8.13 - 'WALLOPS' Message Off-by-One Heap Memory Corruption↗2009-05-15

▶

📋Vendor Advisories

Ubuntu

irssi vulnerability↗2009-07-13

▶

Red Hat

gnutls: incorrect handling of V1 intermediate certificates↗2009-01-09

▶

Debian

CVE-2009-1959: irssi - Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in i...↗2009

▶

Red Hat

irssi: off-by-one error in the event_wallops↗

▶

💬Community

Bugzilla

CVE-2009-5138 gnutls: incorrect handling of V1 intermediate certificates↗2014-02-24

▶

Bugzilla

CVE-2009-1959 irssi: off-by-one error in the event_wallops↗2009-06-08

▶