CVE-2009-1959
Published 2009-06-08
CVE-2009-1959: Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via…
Priority: P4 · 29 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 8.38% (94.3th percentile)
Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | irssi | < irssi 0.8.13-2 (bookworm) | irssi 0.8.13-2 (bookworm) |
| irssi | irssi | — | — |
| irssi | irssi | >= 0 < 0.8.13-2 | 0.8.13-2 |
| irssi | irssi | >= 0 < 0.8.13-2 | 0.8.13-2 |
| irssi | irssi | >= 0 < 0.8.13-2 | 0.8.13-2 |
| irssi | irssi | >= 0 < 0.8.13-2 | 0.8.13-2 |
CVSS provenance
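| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.8 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |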
GHSA
GHSA-2v73-9rwq-75qc: Off-by-one error in the event_wallops function in fe-common/irc/fe-events
ghsa_unreviewed·2022-05-02
CVE-2009-1959 [MEDIUM] GHSA-2v73-9rwq-75qc: Off-by-one error in the event_wallops function in fe-common/irc/fe-events
Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.
OSV
CVE-2009-1959: Off-by-one error in the event_wallops function in fe-common/irc/fe-events
osv·2009-06-08·CVSS 5.0
CVE-2009-1959 [MEDIUM] CVE-2009-1959: Off-by-one error in the event_wallops function in fe-common/irc/fe-events
Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.
Ubuntu
irssi vulnerability
vendor_ubuntu·2009-07-13
CVE-2009-1959 irssi vulnerability
Title: irssi vulnerability
Summary: irssi vulnerability
It was discovered that irssi did not properly check the length of strings
when processing WALLOPS messages. If a user connected to an IRC network
where an attacker had IRC operator privileges, a remote attacker could
cause a denial of service.
Instructions: After a standard system upgrade you need to restart irssi to effect the
necessary changes.
Red Hat
gnutls: incorrect handling of V1 intermediate certificates
vendor_redhat·2009-01-09·CVSS 5.8
CVE-2009-5138 [MEDIUM] CWE-295 gnutls: incorrect handling of V1 intermediate certificates
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.
Statement: This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 6.
Package: gnutls (Red Hat Enterprise Linux 6) - Not affected
Package: mingw32-gnutls (Red Hat Enterprise Linux 6) - Will not fix
Package: gnutls (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2009-1959: irssi - Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in i...
vendor_debian·2009·CVSS 5.0
CVE-2009-1959 [MEDIUM] CVE-2009-1959: irssi - Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in i...
Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.
Scope: local
bookworm: resolved (fixed in 0.8.13-2)
bullseye: resolved (fixed in 0.8.13-2)
forky: resolved (fixed in 0.8.13-2)
sid: resolved (fixed in 0.8.13-2)
trixie: resolved (fixed in 0.8.13-2)
Red Hat
irssi: off-by-one error in the event_wallops
vendor_redhat·CVSS 5.0
CVE-2009-1959 [MEDIUM] CWE-193 irssi: off-by-one error in the event_wallops
Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.
Bugzilla
CVE-2009-5138 gnutls: incorrect handling of V1 intermediate certificates
bugzilla·2014-02-24·CVSS 5.8
CVE-2009-5138 [MEDIUM] CVE-2009-5138 gnutls: incorrect handling of V1 intermediate certificates
While investigating GnuTLS issue CVE-2014-1959 (bug 1065092), it was discovered that older versions of GnuTLS were affected by the same problem, with a different root cause. When using default certificate verification settings, GnuTLS accepted version 1 X.509 certificates as intermediate CAs. An attacker able to obtain a V1 certificate from a CA trusted by the application could generate certificates for other hosts or users that would be accepted by GnuTLS.
This issue affected GnuTLS versions before 2.7.6. The problem was reported in the following post:
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361
and fixed upstream via:
https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fc
Bugzilla
CVE-2009-1959 irssi: off-by-one error in the event_wallops
bugzilla·2009-06-08·CVSS 5.0
CVE-2009-1959 [MEDIUM] CVE-2009-1959 irssi: off-by-one error in the event_wallops
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1959 to the following vulnerability:
Off-by-one error in the event_wallops function in
fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to
cause a denial of service (crash) via an empty command, which triggers
a one-byte buffer under-read and a one-byte buffer underflow.
References:
http://bugs.irssi.org/index.php?do=details&task_id=662
http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/
http://www.irssi.org/ChangeLog
http://www.openwall.com/lists/oss-security/2009/05/29/3
Discussion:
Upstream SVN commit:
http://svn.irssi.org/cgi-bin/viewvc.cgi?view=rev&root=irssi&revision=5068
---
irssi-0.8.13-3.fc10 has been s
References
http://bugs.irssi.org/index.php?do=details&task_id=662
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/35685
http://secunia.com/advisories/35812
http://secunia.com/advisories/36152
http://www.irssi.org/ChangeLog
http://www.mandriva.com/security/advisories?name=MDVSA-2009:133
http://www.openwall.com/lists/oss-security/2009/05/29/3
http://www.securityfocus.com/bid/35399
http://www.securitytracker.com/id?1022410
http://www.ubuntu.com/usn/usn-800-1
http://www.vupen.com/english/advisories/2009/1596
http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/
https://exchange.xforce.ibmcloud.com/vulnerabilities/51184
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00146.html
Published: 2009-06-08