CVE-2006-6811 — MEDIUM (6.5)

Vulnerability Description

KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Kde	Ksirc	1.3.12
Canonical	Ubuntu Linux	5.10

Related Weaknesses (CWE)

CWE-617

References

http://osvdb.org/33443Broken Link
http://security.gentoo.org/glsa/glsa-200701-26.xmlThird Party Advisory
http://securitytracker.com/id?1017453Broken LinkThird Party AdvisoryVDB Entry
http://www.addict3d.org/index.php?page=viewarticle&trace=0&type=security&ID=8468Broken Link
http://www.kde.org/info/security/advisory-20070109-1.txtThird Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:009Broken Link
http://www.securityfocus.com/archive/1/456379/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/21790Broken LinkExploitThird Party Advisory
http://www.ubuntu.com/usn/usn-409-1Third Party Advisory
http://www.vupen.com/english/advisories/2006/5199Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/31134Third Party AdvisoryVDB Entry
https://issues.rpath.com/browse/RPL-922Broken Link
https://www.exploit-db.com/exploits/3023ExploitThird Party AdvisoryVDB Entry
http://osvdb.org/33443Broken Link
http://security.gentoo.org/glsa/glsa-200701-26.xmlThird Party Advisory

FAQ

What is CVE-2006-6811?

CVE-2006-6811 is a vulnerability with a CVSS score of 6.5 (MEDIUM). KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and result...

How severe is CVE-2006-6811?

CVE-2006-6811 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-6811?

Check the references section above for vendor advisories and patch information. Affected products include: Kde Ksirc, Canonical Ubuntu Linux.