CVE-2009-1959

irssi 0.8.13 - Denial of Service via Empty IRC Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1959. PoCs published by nemo.

AI-analyzed exploit summary The provided text describes an off-by-one heap-based memory corruption vulnerability in Irssi 0.8.13, which can lead to a denial-of-service or potential arbitrary code execution. The example IRC command ': WALLOPS \001ACTION' is given as a trigger for the vulnerability.

Description

Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.

Exploits (1)

exploitdb WRITEUP VERIFIED

by nemo · textdoslinux

https://www.exploit-db.com/exploits/33041

View Code ZIP pw:eip

The provided text describes an off-by-one heap-based memory corruption vulnerability in Irssi 0.8.13, which can lead to a denial-of-service or potential arbitrary code execution. The example IRC command ': WALLOPS \001ACTION' is given as a trigger for the vulnerability.

Classification

Writeup 80%

Attack Type

Dos

Complexity

Trivial

Reliability

Theoretical

Target: Irssi 0.8.13

No auth needed

Prerequisites: Access to an IRC network where the vulnerable Irssi client is connected

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15

Core References

Exploit x_refsource_misc

http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1022410

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2009/05/29/3

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/35399

Exploit, Vendor Advisory x_refsource_confirm

http://www.irssi.org/ChangeLog

Vendor Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00146.html

Exploit, Vendor Advisory x_refsource_confirm

http://bugs.irssi.org/index.php?do=details&task_id=662

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35685

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1596

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-800-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35812

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2009:133

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/51184

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/36152

Scores

EPSS 0.0838

EPSS Percentile 94.3%

Details

CWE

CWE-189

Status published

Products (1)

irssi/irssi 0.8.13

Published Jun 08, 2009

Tracked Since Feb 18, 2026