Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ym1e-db76-sugt

Summary The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.

Aliases

alias	CVE-2010-2785

Fixed_packages

url	pkg:deb/debian/kvirc@4:4.0.0-3?distro=trixie
purl	pkg:deb/debian/kvirc@4:4.0.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/kvirc@4:4.0.0-3%3Fdistro=trixie

url	pkg:deb/debian/kvirc@4:4.0.2-1
purl	pkg:deb/debian/kvirc@4:4.0.2-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/kvirc@4:4.0.2-1

url	pkg:deb/debian/kvirc@4:5.0.0%2Bdfsg-5?distro=trixie
purl	pkg:deb/debian/kvirc@4:5.0.0%2Bdfsg-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/kvirc@4:5.0.0%252Bdfsg-5%3Fdistro=trixie

url	pkg:deb/debian/kvirc@4:5.0.0%2Bdfsg-6?distro=trixie
purl	pkg:deb/debian/kvirc@4:5.0.0%2Bdfsg-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/kvirc@4:5.0.0%252Bdfsg-6%3Fdistro=trixie

url	pkg:deb/debian/kvirc@4:5.2.6-2?distro=trixie
purl	pkg:deb/debian/kvirc@4:5.2.6-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/kvirc@4:5.2.6-2%3Fdistro=trixie

url	pkg:deb/debian/kvirc@4:5.2.10-1?distro=trixie
purl	pkg:deb/debian/kvirc@4:5.2.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/kvirc@4:5.2.10-1%3Fdistro=trixie

url	pkg:ebuild/net-irc/kvirc@4.1_pre4693
purl	pkg:ebuild/net-irc/kvirc@4.1_pre4693
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-irc/kvirc@4.1_pre4693

Affected_packages

url pkg:deb/debian/kvirc@1:2.1.2-11

purl pkg:deb/debian/kvirc@1:2.1.2-11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4usm-acws-1bgx

vulnerability	VCID-69dz-a94k-gyfy

vulnerability	VCID-9kj7-6bgp-9yes

vulnerability	VCID-ym1e-db76-sugt

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kvirc@1:2.1.2-11

url pkg:deb/debian/kvirc@2:2.1.3.1-2

purl pkg:deb/debian/kvirc@2:2.1.3.1-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4usm-acws-1bgx

vulnerability	VCID-69dz-a94k-gyfy

vulnerability	VCID-9kj7-6bgp-9yes

vulnerability	VCID-ym1e-db76-sugt

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kvirc@2:2.1.3.1-2

url pkg:deb/debian/kvirc@2:3.2.4-5

purl pkg:deb/debian/kvirc@2:3.2.4-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-69dz-a94k-gyfy

vulnerability	VCID-9kj7-6bgp-9yes

vulnerability	VCID-ym1e-db76-sugt

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kvirc@2:3.2.4-5

url pkg:deb/debian/kvirc@2:3.4.0-6

purl pkg:deb/debian/kvirc@2:3.4.0-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-69dz-a94k-gyfy

vulnerability	VCID-9kj7-6bgp-9yes

vulnerability	VCID-ym1e-db76-sugt

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kvirc@2:3.4.0-6

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-2785

reference_id

reference_type

scores

value	0.11266
scoring_system	epss
scoring_elements	0.93659
published_at	2026-06-04T12:55:00Z

value	0.11266
scoring_system	epss
scoring_elements	0.93669
published_at	2026-06-06T12:55:00Z

value	0.11266
scoring_system	epss
scoring_elements	0.93668
published_at	2026-06-07T12:55:00Z

value	0.11266
scoring_system	epss
scoring_elements	0.93667
published_at	2026-06-08T12:55:00Z

value	0.11266
scoring_system	epss
scoring_elements	0.93674
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-2785

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2785
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2785

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34385.txt
reference_id	CVE-2010-2785;OSVDB-66648
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34385.txt

reference_url	https://www.securityfocus.com/bid/42026/info
reference_id	CVE-2010-2785;OSVDB-66648
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/42026/info

reference_url	https://security.gentoo.org/glsa/201402-20
reference_id	GLSA-201402-20
reference_type
scores
url	https://security.gentoo.org/glsa/201402-20

Weaknesses

Exploits

date_added	2010-07-28
description	KVIrc 4.0 - '\r' Carriage Return in DCC Handshake Remote Command Execution
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2010-07-28
exploit_type	remote
platform	linux
source_date_updated	2014-08-21
data_source	Exploit-DB
source_url	https://www.securityfocus.com/bid/42026/info

Severity_range_score null

Exploitability 2.0

Weighted_severity 0.1

Risk_score 0.2

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ym1e-db76-sugt

Vulnerability Instance