Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Remote unauthenticated (AV:N/PR:N), but AC:H because the legacy IRC helper must be non-default enabled and traffic crafted to fail parsing; impact is memory read (C:L) and crash (A:H), no integrity.
Primary rating from Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67).
CVSS VectorVendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack_irc: fix possible out-of-bounds read
When parsing fails after we've matched the command string we should bail out instead of trying to match a different command.
This helper should be deprecated, given prevalence of TLS I doubt it has any relevance in 2026.
AnalysisAI
Out-of-bounds read in the Linux kernel's netfilter IRC connection-tracking helper (nf_conntrack_irc) lets remote attackers leak adjacent kernel memory or crash the host when the parser fails to bail out after matching a DCC command string. The CVSS 3.1 vector (AV:N/PR:N) describes unauthenticated remote reachability with low confidentiality impact and high availability impact, but exploitation is gated on the legacy IRC conntrack helper being loaded and assigned to traffic - a non-default condition on most modern systems. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the target Linux system to have the netfilter IRC connection-tracking helper (CONFIG_NF_CONNTRACK_IRC / nf_conntrack_irc module) loaded AND actively assigned to traffic, either via the legacy ports= module parameter or an explicit nftables/iptables 'ct helper' rule - this is NOT the default on modern distributions. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals conflict and should be reconciled before prioritizing. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can route crafted IRC control traffic to a Linux host or firewall that has the nf_conntrack_irc helper active sends a packet containing a matched DCC command followed by malformed parameters that fail parsing. The flawed continue-on-failure logic reads beyond the packet buffer, causing a kernel crash (DoS) or leaking adjacent kernel memory into helper processing. … |
| Remediation | Vendor-released patch: update to a fixed stable kernel - 5.10.259, 5.15.210, 6.1.176, 6.6.143, 6.12.94, 6.18.36, 7.0.13, or 7.1 (or later) on the matching branch, applying your distribution's backported package as it ships the corresponding stable commit (git.kernel.org/stable/c/0afc802160af and the other listed hashes). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Confirm whether nf_conntrack_irc module is enabled on Linux infrastructure (check /proc/modules and iptables rules). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39219
GHSA-3j2m-3xq8-9948