CVE-2007-4398
EPSS 2.1%
描述
Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
如何修補 CVE-2007-4398
要修補 CVE-2007-4398,請將受影響套件升級到下列已修補版本。
- Debian/irssi-scripts—升級至 20070925 或更新版本
- Debian/weechat-scripts—升級至 20070425-0.1 或更新版本
CVE-2007-4398 正在被利用嗎?
低 — EPSS 為 2.1%,目前沒有觀察到大規模利用活動。
受影響套件(2)
- from 0, < 20070925
- from 0, < 20070425-0.1