Lucene search

[email protected]CVE-2003-0478

HistoryAug 07, 2003 - 4:00 a.m.

CVE-2003-0478

2003-08-0704:00:00

[email protected]

web.nvd.nist.gov

cve-2003-0478

format string vulnerability

bahamut ircd

irc daemons

remote attack

denial of service

arbitrary code execution

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON

Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings.

Affected configurations

NVD

Node

andromedeadromedeircdMatch1.2.3

daniel_mossmethaneMatch0.1.1

hans_westerhofdigatechMatch1.2.1

wenetircd-ru

Node

bahamutircdRange≤1.4.35

CPENameOperatorVersion
andromede:adromedeircdandromede adromedeircdeq1.2.3
daniel_moss:methanedaniel moss methaneeq0.1.1
hans_westerhof:digatechhans westerhof digatecheq1.2.1
wenet:ircd-ruwenet ircd-rueq*

CPE	Name	Operator	Version
andromede:adromedeircd	andromede adromedeircd	eq	1.2.3
daniel_moss:methane	daniel moss methane	eq	0.1.1
hans_westerhof:digatech	hans westerhof digatech	eq	1.2.1
wenet:ircd-ru	wenet ircd-ru	eq	*

References

marc.info/?l=bugtraq&m=105665996104723&w=2

marc.info/?l=bugtraq&m=105673489525906&w=2

marc.info/?l=bugtraq&m=105673555726823&w=2

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON

Related for CVE-2003-0478

cvelist1 nvd1 nessus1