CVE-2009-20007
Severity CVSS v4.0:
CRITICAL
Type:
CWE-121
Stack-based Buffer Overflow
Publication date:
16/09/2025
Last modified:
17/09/2025
Description
Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer, potentially leading to arbitrary code execution in the context of the vulnerable process. This vulnerability is exploitable remotely and does not require authentication.
Impact
Base Score 4.0
9.30
Severity 4.0
CRITICAL
References to Advisories, Solutions, and Tools
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/talkative_response.rb
- https://web.archive.org/web/20090116203306/http://www.talkative-irc.com/
- https://www.exploit-db.com/exploits/16459
- https://www.exploit-db.com/exploits/8227
- https://www.vulncheck.com/advisories/talkative-irc-response-buffer-overflow
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2009-4909.php
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/talkative_response.rb
- https://www.exploit-db.com/exploits/16459
- https://www.exploit-db.com/exploits/8227
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2009-4909.php