Vulnerability Details : CVE-2006-6811
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.
Vulnerability category: Overflow; Memory Corruption; Denial of service
Products affected by CVE-2006-6811
- cpe:2.3:a:kde:ksirc:1.3.12:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-6811
- EPSS score: 5.80% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~93% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2006-6811
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | 2024-02-08
CWE ids for CVE-2006-6811
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2006-6811
- Red Hat (2007-01-18): We do not consider a crash of a client application such as KsIRC to be a security issue.
References for CVE-2006-6811
- http://www.vupen.com/english/advisories/2006/5199 (Broken Link)
- http://security.gentoo.org/glsa/glsa-200701-26.xml (KSirc: Denial of Service vulnerability (GLSA 200701-26), Gentoo security; Third Party Advisory)
- http://osvdb.org/33443 (Broken Link)
- http://www.kde.org/info/security/advisory-20070109-1.txt (Third Party Advisory)
- http://www.ubuntu.com/usn/usn-409-1 (USN-409-1: ksirc vulnerability, Ubuntu security notices; Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:009 (Mandriva; Broken Link)
- https://issues.rpath.com/browse/RPL-922 (Broken Link)
- http://www.addict3d.org/index.php?page=viewarticle&trace=0&type=security&ID=8468 (Broken Link)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31134 (KDE KsIRC PRIVMSG buffer overflow CVE-2006-6811 Vulnerability Report; Third Party Advisory; VDB Entry)
- http://securitytracker.com/id?1017453 (Broken Link; Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/21790 (Broken Link; Exploit; Third Party Advisory; VDB Entry)
- https://www.exploit-db.com/exploits/3023 (KsIRC 1.3.12 - 'PRIVMSG' Remote Buffer Overflow (PoC) - Linux dos Exploit; Exploit; Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/archive/1/456379/100/0/threaded (Broken Link; Third Party Advisory; VDB Entry)