CVE-2009-4016
Severity CVSS v4.0:
Pending analysis
Type:
CWE-189
Numeric Errors
Publication date:
04/02/2010
Last modified:
11/04/2025
Description
Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.2.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ircd-ratbox:ircd-ratbox:*:*:*:*:*:*:*:* | 2.2.8 (including) | |
| cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.2.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ircd-ratbox:ircd-ratbox:1.4:rc1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html
- http://secunia.com/advisories/38210
- http://secunia.com/advisories/38381
- http://secunia.com/advisories/38382
- http://secunia.com/advisories/38383
- http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz
- http://svn.ircd-hybrid.org:8000/viewcvs.cgi?rev=1044&view=rev
- http://trac.oftc.net/projects/oftc-hybrid/browser/tags/oftc-hybrid-1.6.8/RELNOTES
- http://www.debian.org/security/2010/dsa-1980
- http://www.securityfocus.com/bid/37978
- http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html
- http://secunia.com/advisories/38210
- http://secunia.com/advisories/38381
- http://secunia.com/advisories/38382
- http://secunia.com/advisories/38383
- http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz
- http://svn.ircd-hybrid.org:8000/viewcvs.cgi?rev=1044&view=rev
- http://trac.oftc.net/projects/oftc-hybrid/browser/tags/oftc-hybrid-1.6.8/RELNOTES
- http://www.debian.org/security/2010/dsa-1980
- http://www.securityfocus.com/bid/37978