Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.
CVSS Score
10.0
EPSS Score
0.015
Published
2005-03-01
The sbuf_getmsg function in BNC incorrectly handles backspace characters, which could allow remote attackers to bypass authentication and gain access to arbitrary scripts.
CVSS Score
7.5
EPSS Score
0.01
Published
2004-12-31
BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users.
CVSS Score
7.5
EPSS Score
0.009
Published
2004-12-31