ID:

CVE-2010-3438 (NVD)

- Vulnerability Info (edit)
2019-11-12

libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.

Products Debian_linux, Fedora, Libpoe\-Component\-Irc\-Perl
Type Use of Externally-Controlled Format String (CWE-134)
First patch - None (likely due to unavailable code)
Links https://security-tracker.debian.org/tracker/CVE-2010-3438
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194
Annotation

Note:

No patch was assigned yet.