Published: 27/02/2017 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The buf.pl script prior to 2.20 in Irssi prior to 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
irssi buf.pl

Debian Bug report logs - #838762 irssi: CVE-2016-7553: information disclosure vulnerability in bufpl Package: irssi; Maintainer for irssi is Rhonda D'Vine <rhonda@debianorg>; Source for irssi is src:irssi (PTS, buildd, popcon) Reported by: Holger Levsen <holger@layer-achtorg> Date: Sat, 24 Sep 2016 13:27:05 UTC S ...

Several security issues were fixed in Irssi ...

The bufpl script before 220 in Irssi before 0820 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file ...

CWE-275 https://irssi.org/security/buf_pl_sa_2016.txt https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a http://www.securityfocus.com/bid/93155 http://www.openwall.com/lists/oss-security/2016/09/26/4 http://www.openwall.com/lists/oss-security/2016/09/24/1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838762 https://usn.ubuntu.com/3184-1/https://nvd.nist.gov

CVE-2016-7553

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect