CVE-2007-4398

Description

Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

How to fix CVE-2007-4398

To remediate CVE-2007-4398, upgrade the affected package to a fixed version below.

• Debian/irssi-scripts—upgrade to 20070925 or later
• Debian/weechat-scripts—upgrade to 20070425-0.1 or later

Is CVE-2007-4398 being exploited?

Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 20070925
• from 0, < 20070425-0.1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-4398