CVE-2009-1959 - Vulnerability Details - OpenCVE

Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Irssi	Irssi

Configuration 1 [-]

cpe:2.3:a:irssi:irssi:0.8.13:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.irssi.org/index.php?do=details&task_id=662
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/35685
http://secunia.com/advisories/35812
http://secunia.com/advisories/36152
http://www.irssi.org/ChangeLog
http://www.mandriva.com/security/advisories?name=MDVSA-2009:133
http://www.openwall.com/lists/oss-security/2009/05/29/3
http://www.securityfocus.com/bid/35399
http://www.securitytracker.com/id?1022410
http://www.ubuntu.com/usn/usn-800-1
http://www.vupen.com/english/advisories/2009/1596
http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/
https://exchange.xforce.ibmcloud.com/vulnerabilities/51184
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00146.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-06-06T18:00:00

Updated: 2024-08-07T05:36:19.528Z

Reserved: 2009-06-06T00:00:00

Link: CVE-2009-1959

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-06-08T01:00:00.767

Modified: 2024-11-21T01:03:47.747

Link: CVE-2009-1959

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-05-15T00:00:00", "descriptions": [{"lang": "en", "value": "Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/"}, {"name": "1022410", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022410"}, {"name": "[oss-security] 20090529 CVE Request (irssi)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/05/29/3"}, {"name": "35399", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35399"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.irssi.org/ChangeLog"}, {"name": "FEDORA-2009-7012", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00146.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.irssi.org/index.php?do=details&task_id=662"}, {"name": "35685", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35685"}, {"name": "ADV-2009-1596", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1596"}, {"name": "SUSE-SR:2009:012", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"name": "USN-800-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-800-1"}, {"name": "35812", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35812"}, {"name": "MDVSA-2009:133", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:133"}, {"name": "irssi-eventwallops-dos(51184)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51184"}, {"name": "36152", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36152"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1959", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/", "refsource": "MISC", "url": "http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/"}, {"name": "1022410", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022410"}, {"name": "[oss-security] 20090529 CVE Request (irssi)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/05/29/3"}, {"name": "35399", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35399"}, {"name": "http://www.irssi.org/ChangeLog", "refsource": "CONFIRM", "url": "http://www.irssi.org/ChangeLog"}, {"name": "FEDORA-2009-7012", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00146.html"}, {"name": "http://bugs.irssi.org/index.php?do=details&task_id=662", "refsource": "CONFIRM", "url": "http://bugs.irssi.org/index.php?do=details&task_id=662"}, {"name": "35685", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35685"}, {"name": "ADV-2009-1596", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1596"}, {"name": "SUSE-SR:2009:012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"name": "USN-800-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-800-1"}, {"name": "35812", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35812"}, {"name": "MDVSA-2009:133", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:133"}, {"name": "irssi-eventwallops-dos(51184)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51184"}, {"name": "36152", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36152"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:36:19.528Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/"}, {"name": "1022410", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022410"}, {"name": "[oss-security] 20090529 CVE Request (irssi)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/05/29/3"}, {"name": "35399", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35399"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.irssi.org/ChangeLog"}, {"name": "FEDORA-2009-7012", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00146.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.irssi.org/index.php?do=details&task_id=662"}, {"name": "35685", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35685"}, {"name": "ADV-2009-1596", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1596"}, {"name": "SUSE-SR:2009:012", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"name": "USN-800-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-800-1"}, {"name": "35812", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35812"}, {"name": "MDVSA-2009:133", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:133"}, {"name": "irssi-eventwallops-dos(51184)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51184"}, {"name": "36152", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36152"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1959", "datePublished": "2009-06-06T18:00:00", "dateReserved": "2009-06-06T00:00:00", "dateUpdated": "2024-08-07T05:36:19.528Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:irssi:irssi:0.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "1FFA993F-4826-4937-B51D-438CFF4E08EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow."}, {"lang": "es", "value": "Error de superaci\u00f3n de l\u00edmite (Off-by-one) en loa funci\u00f3n event_wallops en fe-common/irc/fe-events.c en irssi v0.8.13, permite a los servidores de IRC remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un comando vac\u00edo, lo que lanza un lectura de b\u00fafer por debajo de un byte (one-byte) o por el desbordamiento de b\u00fafer inferior de un byte (one-byte)."}], "id": "CVE-2009-1959", "lastModified": "2024-11-21T01:03:47.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-06-08T01:00:00.767", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://bugs.irssi.org/index.php?do=details&task_id=662"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/35685"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/35812"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/36152"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.irssi.org/ChangeLog"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:133"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/05/29/3"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35399"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022410"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-800-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1596"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51184"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00146.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://bugs.irssi.org/index.php?do=details&task_id=662"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35685"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35812"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36152"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.irssi.org/ChangeLog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:133"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/05/29/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35399"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022410"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-800-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1596"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51184"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00146.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}