Package(s):	epic4	CVE #(s):	CAN-2003-0328
Created:	November 10, 2003	Updated:	November 25, 2003
Description:	Jeremy Nelson discovered a remotely exploitable buffer overflow in EPIC4, a popular client for Internet Relay Chat (IRC). A malicious server could craft a reply which triggers the client to allocate a negative amount of memory. This could lead to a denial of service if the client only crashes, but may also lead to executing of arbitrary code under the user id of the chatting user.
Alerts:	Red Hat RHSA-2003:342-01 EPIC 2003-11-17 Fedora FEDORA-2003-008 epic 2003-11-12 Debian DSA-399-1 epic4 2003-11-10

---

to post comments