OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

bnc -- buffer overflow vulnerability

Affected packages
bnc < 2.9.1

Details

VuXML ID 72004e00-3363-11d9-b968-00065bd5b0b6
Discovery 2004-11-10
Entry 2004-11-10

There is a buffer overflow vulnerability in getnickuserhost() function that is called when BNC is processing response from some IRC server. When BNC is connected to some IRC server, it will send 'USER' and 'NICK' command. Server response is at some point processed with getnickuserhost() function.

References

Message 20041110131046.GA21604.cecilija@zesoi.fer.hr

Copyright © 2003-2005 Jacques Vidrine, Robert Nagy, and contributors.
Please see the source of this document for full copyright information.