More IRC Fuzzing


Background

These are some results of my recent efforts of fuzzing IRC-related software.

CVE-2017-14727 in Weechat

From the Weechat security page:

Date/time conversion specifiers are expanded after replacing buffer local variables in name of log files. In some cases, this can lead to an error in function strftime and a crash caused by the use of an uninitialized buffer. Workaround: Unload the logger plugin: /plugin unload logger

Mitre CVE Page

Crash in UnrealIRCd

From the UnrealIRCd forum post:

There’s a handshake bug can be triggered before the user is fully connected. This allows a user to crash an UnrealIRCd server, even those with restrictions such as password protected hubs. This one has a CVSSv3 score of 7.5 (High): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

At the time of this post, a CVE ID has not been assigned.

October 1, 2017
132 words


Categories

Tags
fuzzing irc

Connect. Socialize.