CVE-2010-3438
CVE-2010-3438 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server. EPSS estimates a 1.65% chance of exploitation in the next 30 days.
Description
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.
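The following added example (not code from libpoe-component-irc-perl or from this advisory) models the wire behaviour described above in Python and shows a message builder that passes arguments through unchanged beside two hardened variants. The function names, the `#chan` target and the assumption that the server treats a lone CR or LF as a line terminator are illustrative.

```python
import re

# Assumption: as in the advisory's scenario, the receiving server treats a
# lone CR or LF as the end of an IRC message.
_TERMINATORS = re.compile(r"[\r\n]+")
# Characters that must never appear inside an IRC parameter.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def build_privmsg_unsafe(target, text):
    """Behaviour the advisory describes: arguments reach the wire unchanged."""
    return f"PRIVMSG {target} :{text}\r\n".encode("utf-8")


def build_privmsg_strip(target, text):
    """Hardened: remove CR, LF and NUL from every argument before framing."""
    target = _FORBIDDEN.sub("", target)
    text = _FORBIDDEN.sub("", text)
    return f"PRIVMSG {target} :{text}\r\n".encode("utf-8")


def build_privmsg_strict(target, text):
    """Stricter alternative: refuse the call instead of rewriting the input."""
    for name, value in (("target", target), ("text", text)):
        if _FORBIDDEN.search(value):
            raise ValueError(f"{name} contains CR, LF or NUL")
    return f"PRIVMSG {target} :{text}\r\n".encode("utf-8")


def server_view(wire):
    """Return the separate messages a server would parse from one write."""
    return [m for m in _TERMINATORS.split(wire.decode("utf-8")) if m]


def command_verbs(wire):
    """Return only the command word of each parsed message."""
    return [m.split(" ", 1)[0] for m in server_view(wire)]


if __name__ == "__main__":
    sample = "some text\rQUIT"  # the argument quoted in the description
    print(server_view(build_privmsg_unsafe("#chan", sample)))
    print(server_view(build_privmsg_strip("#chan", sample)))
```

Callers that relay text from other users or external sources can apply the same check at their own boundary, so that an unpatched library version never sees CR or LF in an argument.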
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Libpoe-Component-Irc-Perl Project | Libpoe-Component-Irc-Perl | < 6.32 |
| Debian | Debian Linux | 8.0 |
| Debian | Debian Linux | 9.0 |
| Debian | Debian Linux | 10.0 |
| Fedoraproject | Fedora | 12 |
| Fedoraproject | Fedora | 13 |
References
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194 (Mailing List, Patch, Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438 (Issue Tracking, Patch, Third Party Advisory)
- https://security-tracker.debian.org/tracker/CVE-2010-3438 (Third Party Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
