Bitchx
by Bitchx
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4584 | | | 0.04 | — | 0.15 | | Aug 29, 2007 | Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable. |
| CVE-2007-3360 | | | 0.04 | — | 0.07 | | Jun 22, 2007 | hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands. |
| CVE-2001-0050 | | | 0.04 | — | 0.15 | | Feb 16, 2001 | Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name. |
| CVE-2003-1450 | | | 0.03 | — | 0.04 | | Dec 31, 2003 | BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message. |
| CVE-2007-5922 | | | 0.00 | — | 0.01 | | Nov 10, 2007 | The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address. |
| CVE-2007-5839 | | | 0.00 | — | 0.00 | | Nov 6, 2007 | The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command. |
| CVE-2007-4399 | | | 0.00 | — | 0.02 | | Aug 18, 2007 | CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. |
| CVE-2003-0322 | | | 0.00 | — | 0.01 | | Jun 9, 2003 | Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remote malicious IRC servers to cause a denial of service (crash). |
| CVE-2003-0321 | | | 0.00 | — | 0.04 | | Jun 9, 2003 | Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long hostnames, nicknames, or channel names, which are not properly handled by the functions (1)… |
| CVE-2003-0334 | | | 0.00 | — | 0.00 | | May 10, 2003 | BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c. |