ircII Status_Make_Printable Memory Corruption Vulnerability
A buffer overflow vulnerability has been reported in ircII. The vulnerability is related to the way ircII refreshes its status bar: certain functions do not properly account for some control characters when refreshing it.
This issue is exploitable by a malicious IRC server that sends an overly long response to the vulnerable ircII client. Because the client does not properly check for control characters when updating the status bar, the response corrupts sensitive memory with attacker-supplied values.
This will cause the client to behave in an unpredictable manner and possibly execute attacker-supplied code.
This issue was reported in ircII build 20020912. Other versions may also be affected.
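The class of bug described above, shown as an added example that is not ircII source code: when a control character is rendered as more than one output byte, a destination buffer sized from the input length is too small, so the rendering routine has to bound every write. The two-byte caret rendering, the function names `printable_size` and `make_printable`, and the sample line are assumptions, since the advisory does not give ircII's actual rendering.

```c
#include <stdio.h>
#include <string.h>

/* Assumed rendering: a control byte (< 0x20 or 0x7f) becomes '^' plus a
 * printable character, so one input byte can need two output bytes. */
static int is_ctrl(unsigned char c) { return c < 0x20 || c == 0x7f; }

/* Bytes needed (including the NUL) to render src. A strlen(src) + 1
 * estimate undercounts by one for every control byte in the input. */
size_t printable_size(const char *src)
{
    size_t need = 1;
    for (; *src; src++)
        need += is_ctrl((unsigned char)*src) ? 2 : 1;
    return need;
}

/* Render src into dst[dstlen] without ever writing past dstlen. Returns
 * the bytes written (excluding the NUL), or (size_t)-1 on truncation. */
size_t make_printable(char *dst, size_t dstlen, const char *src)
{
    size_t o = 0;
    if (dstlen == 0)
        return (size_t)-1;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        size_t w = is_ctrl(c) ? 2 : 1;
        if (o + w >= dstlen) {          /* keep room for the terminator */
            dst[o] = '\0';
            return (size_t)-1;
        }
        if (w == 2) {
            dst[o++] = '^';
            dst[o++] = (char)(c ^ 0x40);    /* 0x02 -> 'B', 0x7f -> '?' */
        } else {
            dst[o++] = (char)c;
        }
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    const char *line = "ab\002cd";      /* constructed sample input */
    char buf[16];
    make_printable(buf, sizeof buf, line);
    printf("%s: naive %zu bytes, actual %zu bytes\n",
           buf, strlen(line) + 1, printable_size(line));
    return 0;
}
```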