CVE-2010-3438
N/A
N/A
Summary
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| libpoe-component-irc-perl | libpoe-component-irc-perl | before v6.32 | affected |
Weaknesses
- stripping of CR/LF allows arbitrary IRC command execution
ADP Enrichment
CVE Program Container
Additional References
- https://security-tracker.debian.org/tracker/CVE-2010-3438
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194
References
- https://security-tracker.debian.org/tracker/CVE-2010-3438
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.