CVE-2009-10006

UNKNOWN 0.0

UFO: Alien Invasion <= 2.2.1 IRC Client Buffer Overflow

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC connection handling and does not require user interaction beyond launching the game.

CWE	CWE-121
Vendor	ufo: alien invasion project
Product	ufo: alien invasion
Published	Aug 22, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for ufo: alien invasion project ufo: alien invasion

Be the first to know when new unknown vulnerabilities affecting ufo: alien invasion project ufo: alien invasion are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

UFO: Alien Invasion Project / UFO: Alien Invasion

* ≤ 2.2.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/ufo_ai.rb raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/osx/misc/ufo_ai.rb exploit-db.com: https://www.exploit-db.com/exploits/16864 exploit-db.com: https://www.exploit-db.com/exploits/14013 moddb.com: https://www.moddb.com/news/ufo-alien-invasion-231-released vulncheck.com: https://www.vulncheck.com/advisories/ufo-alien-invasion-irc-client-buffer-overflow

Credits

Jason Geffner