Vulnerability Description
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libpoe-Component-Irc-Perl Project | Libpoe-Component-Irc-Perl | < 6.32 |
| Debian | Debian Linux | 8.0 |
| Fedoraproject | Fedora | 12 |
Related Weaknesses (CWE)
References
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194Mailing ListPatchThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438Issue TrackingPatchThird Party Advisory
- https://security-tracker.debian.org/tracker/CVE-2010-3438Third Party Advisory
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194Mailing ListPatchThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438Issue TrackingPatchThird Party Advisory
- https://security-tracker.debian.org/tracker/CVE-2010-3438Third Party Advisory
FAQ
What is CVE-2010-3438?
CVE-2010-3438 is a vulnerability with a CVSS score of 9.8 (CRITICAL). libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'priv...
How severe is CVE-2010-3438?
CVE-2010-3438 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2010-3438?
Check the references section above for vendor advisories and patch information. Affected products include: Libpoe-Component-Irc-Perl Project Libpoe-Component-Irc-Perl, Debian Debian Linux, Fedoraproject Fedora.