CVE-2009-4016
REJECTED
Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command.
EPSS 4.01% · 88.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | ircd-ratbox | 0, * |
Exploit Intelligence
- 38382 (circl)
- 38381 (circl)
- [ircd-ratbox] 20100125 ircd-ratbox-2.2.9 released (circl)
- DSA-1980 (circl)
- 38383 (circl)
- http://trac.oftc.net/projects/oftc-hybrid/browser/tags/oftc-hybrid-1.6.8/RELNOTES (circl)
- 37978 (circl)
- http://svn.ircd-hybrid.org:8000/viewcvs.cgi?rev=1044&view=rev (circl)
- 38210 (circl)
- http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz (circl)
Timeline
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2009-4016 third-party-advisory
- http://www.debian.org/security/2010/dsa-1980 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2009-4016 third-party-advisory