HydraIRC CTCP requests denial of service
X-Force ID: hydrairc-ctcp-dos (35408) | Risk: Medium
HydraIRC is vulnerable to a denial of service, caused by a heap-based buffer overflow when parsing CTCP requests. By sending specially-crafted CTCP messages and persuading a victim to connect to the server, a remote attacker could exploit this vulnerability to crash the client.
Consequences: Denial of Service
Remedy: Upgrade to the latest version of HydraIRC (0.3.160 or later), available from the HydraIRC Web site. See References.
- HydraIRC Web site: HydraIRC.
- Portcullis Security Advisory 07-007: (HydraIRC) Denial of Service due to a heap smash while parsing CTCP requests.
- CVE-2007-3837: Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC servers to cause a denial of service (application crash) via a long CTCP request message containing '%' (percent) characters.
- OSVDB ID: 38625: HydraIRC CTCP Request Message Remote Overflow
- Platforms affected: HydraIRC 0.3.151
Reported: Jul 13, 2007
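The description and the CVE entry above say the crash is triggered by a long CTCP request containing '%' characters, the typical shape of a parser that expands '%' into a buffer sized for the unexpanded input. The following is an added defensive example, not HydraIRC's code: a CTCP extractor that sizes the expanded output before writing and drops oversized requests instead of truncating. The CTCP_MAX_REQUEST limit and the function name are assumptions for this example.

```c
#include <stddef.h>
#include <string.h>

/* Upper bound on an accepted CTCP request body (an assumption for this
 * example, not a HydraIRC constant). Anything longer is dropped unread. */
#define CTCP_MAX_REQUEST 512

/*
 * Extract the CTCP request delimited by \x01 ... \x01 from the text of an
 * IRC PRIVMSG/NOTICE into `out`. Every '%' is doubled so the result cannot
 * be misread as a conversion specifier if it later reaches a printf-style
 * routine. The expanded size is computed before any byte is written, and
 * the request is rejected rather than truncated when it would not fit.
 * Returns the number of bytes written (excluding the NUL), or -1 on reject.
 */
int ctcp_extract_safe(const char *text, char *out, size_t out_sz)
{
    const char *start, *end;
    size_t n, i, need = 0, w = 0;

    if (text == NULL || out == NULL || out_sz == 0)
        return -1;
    start = strchr(text, '\x01');
    if (start == NULL)
        return -1;                     /* plain message, no CTCP payload */
    ++start;
    end = strchr(start, '\x01');
    n = end ? (size_t)(end - start) : strlen(start);
    if (n == 0 || n > CTCP_MAX_REQUEST)
        return -1;                     /* empty or oversized request */

    /* Pass 1: size the expanded output; each '%' grows to "%%". */
    for (i = 0; i < n; i++)
        need += (start[i] == '%') ? 2 : 1;
    if (need + 1 > out_sz)             /* +1 for the terminating NUL */
        return -1;                     /* would overflow `out`: drop it */

    /* Pass 2: copy, now guaranteed to fit. */
    for (i = 0; i < n; i++) {
        if (start[i] == '%')
            out[w++] = '%';
        out[w++] = start[i];
    }
    out[w] = '\0';
    return (int)w;
}
```

A client that applies this check before any further processing of the request turns an oversized or percent-heavy CTCP message into a dropped message rather than a crash.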
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@us.ibm.com