CVE-2009-1789

mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy.  NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.
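
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.3 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
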
EPSS Score
Percentile: 94%

| Vendor | Product | Version |
|---|---|---|
| eggheads | eggdrop | 1.6.0 |
| eggheads | eggdrop | 1.6.1 |
| eggheads | eggdrop | 1.6.2 |
| eggheads | eggdrop | 1.6.3 |
| eggheads | eggdrop | 1.6.4 |
| eggheads | eggdrop | 1.6.5 |
| eggheads | eggdrop | 1.6.6 |
| eggheads | eggdrop | 1.6.7 |
| eggheads | eggdrop | 1.6.8 |
| eggheads | eggdrop | 1.6.9 |
| eggheads | eggdrop | 1.6.10 |
| eggheads | eggdrop | 1.6.11 |
| eggheads | eggdrop | 1.6.12 |
| eggheads | eggdrop | 1.6.13 |
| eggheads | eggdrop | 1.6.14 |
| eggheads | eggdrop | 1.6.15 |
| eggheads | eggdrop | 1.6.16 |
| eggheads | eggdrop | 1.6.17 |
| eggheads | eggdrop | 1.6.18 |
| eggheads | eggdrop | 1.6.18:rc1 |
| eggheads | eggdrop_irc_bot | 𝑥 ≤ 1.6.19 |
| philip_moore | windrop | 𝑥 ≤ 1.6.19 |
| philip_moore | windrop | 1.4.4 |
| philip_moore | windrop | 1.4.6 |
| philip_moore | windrop | 1.5.4 |
| philip_moore | windrop | 1.5.4:rc1 |
| philip_moore | windrop | 1.5.4:rc2 |
| philip_moore | windrop | 1.5.4a:a |
| philip_moore | windrop | 1.6.0 |
| philip_moore | windrop | 1.6.0:rc1 |
| philip_moore | windrop | 1.6.0:rc1-rel2 |
| philip_moore | windrop | 1.6.1 |
| philip_moore | windrop | 1.6.2+bindsfix |
| philip_moore | windrop | 1.6.3 |
| philip_moore | windrop | 1.6.4:sr1 |
| philip_moore | windrop | 1.6.6 |
| philip_moore | windrop | 1.6.7 |
| philip_moore | windrop | 1.6.8 |
| philip_moore | windrop | 1.6.9 |
| philip_moore | windrop | 1.6.10 |
| philip_moore | windrop | 1.6.12 |
| philip_moore | windrop | 1.6.13 |
| philip_moore | windrop | 1.6.15 |
| philip_moore | windrop | 1.6.16 |
| philip_moore | windrop | 1.6.17 |
| philip_moore | windrop | 1.6.18 |
| philip_moore | windrop | 1.6.19+ctcpfix |

𝑥 = Vulnerable software versions

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| eggdrop | bullseye | 1.8.4-1 | fixed |
| eggdrop | sid | 1.8.4+repack1-0.1 | fixed |
| eggdrop | trixie | 1.8.4+repack1-0.1 | fixed |
| eggdrop | bookworm | 1.8.4+repack1-0.1 | fixed |

Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| eggdrop | lucid | Fixed 1.6.19-1.2ubuntu1 | released |
| eggdrop | karmic | Fixed 1.6.19-1.2ubuntu1 | released |
| eggdrop | jaunty | Fixed 1.6.19-1.1ubuntu1.9.04.1 | released |
| eggdrop | intrepid | Fixed 1.6.19-1.1ubuntu1.8.10.1 | released |
| eggdrop | hardy | Fixed 1.6.18-1.1ubuntu1.1 | released |
| eggdrop | dapper | | ignored |

References