CVE-2006-6811

MEDIUM

KsIRC 1.3.12 - Denial of Service via Long PRIVMSG String

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6811. PoCs published by Federico L. Bossi Bonin.

AI-analyzed exploit summary This exploit demonstrates a remote buffer overflow in KSirc 1.3.12 via a crafted PRIVMSG command. It sends a large payload to trigger the vulnerability, potentially leading to remote code execution.

Description

KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Federico L. Bossi Bonin · cdoslinux

https://www.exploit-db.com/exploits/3023

View Code ZIP pw:eip

This exploit demonstrates a remote buffer overflow in KSirc 1.3.12 via a crafted PRIVMSG command. It sends a large payload to trigger the vulnerability, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: KSirc 1.3.12

No auth needed

Prerequisites: Network access to the target IRC client

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13

Core References

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-409-1

Broken Link x_refsource_confirm

https://issues.rpath.com/browse/RPL-922

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/3023

Broken Link vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/5199

Broken Link, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/456379/100/0/threaded

Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21790

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2007:009

Third Party Advisory x_refsource_confirm

http://www.kde.org/info/security/advisory-20070109-1.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/31134

Broken Link vdb-entry x_refsource_osvdb

http://osvdb.org/33443

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1017453

Broken Link x_refsource_misc

http://www.addict3d.org/index.php?page=viewarticle&trace=0&type=security&ID=8468

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200701-26.xml

Scores

CVSS v3 6.5

EPSS 0.0999

EPSS Percentile 95.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-617

Status published

Products (4)

canonical/ubuntu_linux 5.10

canonical/ubuntu_linux 6.06

canonical/ubuntu_linux 6.10

kde/ksirc 1.3.12

Published Dec 29, 2006

Tracked Since Feb 18, 2026