cbcvebase.
CVE-2009-20007
published 2025-09-16

CVE-2009-20007: Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An…

PriorityP271critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
1.68%
74.1th percentile
Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer, potentially leading to arbitrary code execution in the context of the vulnerable process. This vulnerability is exploitable remotely and does not require authentication.

Affected

1 ranges
VendorProductVersion rangeFixed in
talkativetalkative_irc<= 0.4.4.16

Detection & IOCsextracted from sources · hover to see the quote

versionTalkative IRC v0.4.4.16
  • Monitor for exploitation of Talkative IRC v0.4.4.16 via overly long response strings sent to a connected client, indicative of a stack-based buffer overflow attempt.
  • A Metasploit module exists for this vulnerability; detect exploitation attempts by monitoring for the module's characteristic crafted response strings targeting Talkative IRC clients.
  • This vulnerability is remotely exploitable without authentication; alert on unexpected or anomalously large IRC response strings received by Talkative IRC client processes.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.