CVE-2009-20007

Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer, potentially leading to arbitrary code execution in the context of the vulnerable process. This vulnerability is exploitable remotely and does not require authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/talkative_response.rb
https://web.archive.org/web/20090116203306/http://www.talkative-irc.com/
https://www.exploit-db.com/exploits/16459
https://www.exploit-db.com/exploits/8227
https://www.vulncheck.com/advisories/talkative-irc-response-buffer-overflow
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2009-4909.php
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/talkative_response.rb
https://www.exploit-db.com/exploits/16459
https://www.exploit-db.com/exploits/8227
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2009-4909.php