CVE-2003-0323
epic4 - buffer overflows
EPSS 1.0%
Description
Multiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function by (1) ctcp_buffer, (2) cannot_join_channel, (3) status_make_printable for Statusbar drawing, (4) create_server_list, and possibly other functions.
How to fix CVE-2003-0323
To remediate CVE-2003-0323, upgrade the affected package to a fixed version below.
- Debian/epic4—upgrade to 1:1.1.11.20030409-1 or later
- Debian/epic4—upgrade to 1.1.2.20020219-2.1 or later
- —upgrade to 20030315-1 or later
- —upgrade to 20020322-1.1 or later
Is CVE-2003-0323 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 1:1.1.11.20030409-1
- from 0, < 1.1.2.20020219-2.1
- from 0, < 20030315-1
- from 0, < 20020322-1.1