CVE-2008-1501

ircu < 2.10.12.12 and snircd < 1.3.4 - Denial of Service via Malformed MODE Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1501. PoCs published by Chris Porter.

AI-analyzed exploit summary The vulnerability in ircu and snircd involves a missing argument check in the `send_user_mode` function, leading to a potential buffer overflow when processing mode commands. The exploit involves sending a crafted `/mode` command with repeated modes to trigger the vulnerability.

Description

The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Chris Porter · textdosmultiple
https://www.exploit-db.com/exploits/5306

The vulnerability in ircu and snircd involves a missing argument check in the `send_user_mode` function, leading to a potential buffer overflow when processing mode commands. The exploit involves sending a crafted `/mode` command with repeated modes to trigger the vulnerability.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Theoretical
Target: ircu (up to 2.10.12.12), snircd (up to 1.3.4)
No auth needed
Prerequisites: Access to an IRC server running vulnerable software
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41401
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29486
Various Sources x_refsource_confirm
http://hg.quakenet.org/snircd/rev/2da2b881d9f5
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489990/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0977
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019687
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28413
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/43613
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3779
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41397
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5306
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019688
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0978
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29481

Scores

EPSS 0.1961
EPSS Percentile 95.5%

Details

Status published
Products (2)
ircu/ircu < 2.10.12.12
quakenet/snircd < 1.3.4
Published Mar 25, 2008
Tracked Since Feb 18, 2026