CVE-2010-3438

CRITICAL

libpoe-component-irc-perl <6.32 - Code Injection

Title source: llm

Description

libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.

References (3)

[Third Party Advisory] https://security-tracker.debian.org/tracker/CVE-2010-3438

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438

[Mailing List, Patch, Third Party Advisory] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194

Scores

CVSS v3 9.8

EPSS 0.0053

EPSS Percentile 67.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-134

Status published

Products (6)

debian/debian_linux 8.0

debian/debian_linux 9.0

debian/debian_linux 10.0

fedoraproject/fedora 12

fedoraproject/fedora 13

libpoe-component-irc-perl_project/libpoe-component-irc-perl < 6.32

Published Nov 12, 2019

Tracked Since Feb 18, 2026