bitchx 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は パス処理の欠陥、バッファオーバーフロー, and vendor risk input validation に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で アプリケーションクラッシュ and vendor impact memory corruption などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2007-5922 | The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address. | [email protected] | 5.0 | 0.34% | 2007-11-10 | 2026-04-23 |
| CVE-2007-5839 | The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command. | [email protected] | 4.6 | 0.04% | 2007-11-06 | 2026-04-23 |
| CVE-2007-4584 | Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable. | [email protected] | 10.0 | 4.99% | 2007-08-29 | 2026-04-23 |
| CVE-2007-3360 | hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands. | [email protected] | 9.3 | 10.20% | 2007-06-22 | 2026-04-23 |
| CVE-2003-1450 | BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message. | [email protected] | 5.0 | 8.92% | 2003-12-31 | 2026-04-16 |