CVE-2003-0328

EPIC IRC Client <2.002-0 - DoS/Code Injection

Title source: llm

Description

EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Li0n7 · cremotelinux

https://www.exploit-db.com/exploits/23366

View Code ZIP pw:eip

References (4)

[Patch, Vendor Advisory] ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1

[Third Party Advisory] http://www.debian.org/security/2003/dsa-306

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2003-342.html

[Third Party Advisory] http://www.debian.org/security/2003/dsa-399

Scores

EPSS 0.0589

EPSS Percentile 90.6%

Details

Status published

Products (2)

epic/epic4 pre2.002

epic/epic4 pre2.003

Published Jun 09, 2003

Tracked Since Feb 18, 2026