CVE-2009-20007

CRITICAL

Talkative IRC v0.4.4.16 - Buffer Overflow

Title source: llm

Description

Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer, potentially leading to arbitrary code execution in the context of the vulnerable process. This vulnerability is exploitable remotely and does not require authentication.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16459

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by LiquidWorm · perlremotewindows

https://www.exploit-db.com/exploits/8227

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/talkative_response.rb

View Code ZIP pw:eip

References (6)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/talkative_response.rb

[Various Sources] https://web.archive.org/web/20090116203306/http://www.talkative-irc.com/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/16459

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/8227

[Third Party Advisory] https://www.vulncheck.com/advisories/talkative-irc-response-buffer-overflow

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2009-4909.php

Scores

CVSS v4 9.3

EPSS 0.5975

EPSS Percentile 98.3%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

CWE

CWE-121

Status published

Products (1)

Talkative/Talkative IRC < 0.4.4.16

Published Sep 16, 2025

Tracked Since Feb 18, 2026