ByteOS Network

Vulnerability Details :

CVE-2009-4016

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-04 Feb, 2010 | 18:00

Updated At-16 Sep, 2024 | 20:58

Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:04 Feb, 2010 | 18:00

Updated At:16 Sep, 2024 | 20:58

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://secunia.com/advisories/38382	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/38381	third-party-advisory x_refsource_SECUNIA
http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html	mailing-list x_refsource_MLIST
http://www.debian.org/security/2010/dsa-1980	vendor-advisory x_refsource_DEBIAN
http://secunia.com/advisories/38383	third-party-advisory x_refsource_SECUNIA
http://trac.oftc.net/projects/oftc-hybrid/browser/tags/oftc-hybrid-1.6.8/RELNOTES	x_refsource_CONFIRM
http://www.securityfocus.com/bid/37978	vdb-entry x_refsource_BID
http://svn.ircd-hybrid.org:8000/viewcvs.cgi?rev=1044&view=rev	x_refsource_CONFIRM
http://secunia.com/advisories/38210	third-party-advisory x_refsource_SECUNIA
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz	x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/38382

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/38381

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://www.debian.org/security/2010/dsa-1980

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://secunia.com/advisories/38383

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://trac.oftc.net/projects/oftc-hybrid/browser/tags/oftc-hybrid-1.6.8/RELNOTES

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/37978

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://svn.ircd-hybrid.org:8000/viewcvs.cgi?rev=1044&view=rev

Resource:

x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/38210

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://secunia.com/advisories/38382	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/38381	third-party-advisory x_refsource_SECUNIA x_transferred
http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html	mailing-list x_refsource_MLIST x_transferred
http://www.debian.org/security/2010/dsa-1980	vendor-advisory x_refsource_DEBIAN x_transferred
http://secunia.com/advisories/38383	third-party-advisory x_refsource_SECUNIA x_transferred
http://trac.oftc.net/projects/oftc-hybrid/browser/tags/oftc-hybrid-1.6.8/RELNOTES	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/bid/37978	vdb-entry x_refsource_BID x_transferred
http://svn.ircd-hybrid.org:8000/viewcvs.cgi?rev=1044&view=rev	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/38210	third-party-advisory x_refsource_SECUNIA x_transferred
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz	x_refsource_CONFIRM x_transferred

Hyperlink: http://secunia.com/advisories/38382

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://secunia.com/advisories/38381

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://www.debian.org/security/2010/dsa-1980

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: http://secunia.com/advisories/38383

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://trac.oftc.net/projects/oftc-hybrid/browser/tags/oftc-hybrid-1.6.8/RELNOTES

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securityfocus.com/bid/37978

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://svn.ircd-hybrid.org:8000/viewcvs.cgi?rev=1044&view=rev

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://secunia.com/advisories/38210

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:04 Feb, 2010 | 20:15

Updated At:11 Apr, 2025 | 00:51

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

ircd-hybrid>>ircd-hybrid>>7.2.2

cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.2.2:*:*:*:*:*:*:*

ircd-hybrid>>ircd-hybrid>>7.2.3

cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.2.3:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>Versions up to 2.2.8(inclusive)

cpe:2.3:a:ircd-ratbox:ircd-ratbox:*:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.0

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.0:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.1

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.1:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.1.1

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.1.1:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.1.2

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.1.2:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.2.1

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.2.1:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.2.2

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.2.2:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.2.3

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.2.3:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.3

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.3:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.3.1

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.3.1:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.3.2

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.3.2:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.4

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.4:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.4

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.4:rc1:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.4

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.4:rc2:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.4.1

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.4.1:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.4.2

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.4.2:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.5

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.5:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.5.1

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.5.1:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.5.2

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.5.2:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>1.5.3

cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.5.3:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.0.0

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.0.0:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.0.1

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.0.1:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.0.2

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.0.2:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.0.3

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.0.3:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.0.4

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.0.4:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.0.5

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.0.5:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.0.6

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.0.6:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.0.7

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.0.7:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.0.8

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.0.8:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.0.9

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.0.9:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.0.10

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.0.10:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.0.11

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.0.11:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.1.0

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.1.0:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.1.0

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.1.0:beta1:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.1.0

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.1.0:beta2:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.1.1

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.1.1:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.1.2

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.1.2:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.1.3

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.1.3:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.1.4

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.1.4:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.1.5

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.1.5:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.1.6

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.1.6:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.1.7

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.1.7:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.1.8

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.1.8:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.2.0

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.2.0:*:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.2.0

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.2.0:rc1:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.2.0

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.2.0:rc2:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.2.0

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.2.0:rc3:*:*:*:*:*:*

ircd-ratbox>>ircd-ratbox>>2.2.1

cpe:2.3:a:ircd-ratbox:ircd-ratbox:2.2.1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-189	Primary	nvd@nist.gov

CWE ID: CWE-189

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html	cve@mitre.org	N/A
http://secunia.com/advisories/38210	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/38381	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/38382	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/38383	cve@mitre.org	Vendor Advisory
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz	cve@mitre.org	Patch
http://svn.ircd-hybrid.org:8000/viewcvs.cgi?rev=1044&view=rev	cve@mitre.org	N/A
http://trac.oftc.net/projects/oftc-hybrid/browser/tags/oftc-hybrid-1.6.8/RELNOTES	cve@mitre.org	N/A
http://www.debian.org/security/2010/dsa-1980	cve@mitre.org	Patch
http://www.securityfocus.com/bid/37978	cve@mitre.org	N/A
http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/38210	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/38381	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/38382	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/38383	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz	af854a3a-2127-422b-91ae-364da2661108	Patch
http://svn.ircd-hybrid.org:8000/viewcvs.cgi?rev=1044&view=rev	af854a3a-2127-422b-91ae-364da2661108	N/A
http://trac.oftc.net/projects/oftc-hybrid/browser/tags/oftc-hybrid-1.6.8/RELNOTES	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2010/dsa-1980	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www.securityfocus.com/bid/37978	af854a3a-2127-422b-91ae-364da2661108	N/A