Published: 15/11/2017 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x prior to 1.7.3 allow remote malicious users to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.

Vulnerable Product	Search on Vulmon	Subscribe to Product
konversation konversation
debian debian linux 9.0
debian debian linux 7.0
debian debian linux 8.0

Debian Bug report logs - #881586 Konversation CVE-2017-15923 Package: konversation; Maintainer for konversation is Debian KDE Extras Team <pkg-kde-extras@listsaliothdebianorg>; Source for konversation is src:konversation (PTS, buildd, popcon) Reported by: Yves-Alexis Perez <corsac@debianorg> Date: Mon, 13 Nov 201 ...

Joseph Bisch discovered that Konversation, an user friendly Internet Relay Chat (IRC) client for KDE, could crash when parsing certain IRC color formatting codes For the oldstable distribution (jessie), this problem has been fixed in version 15-2+deb8u1 For the stable distribution (stretch), this problem has been fixed in version 162-2+deb9u1 ...

A denial of service vulnerability has been discovered in Konversation before 173 when handling colors in IRC messages Any malicious user connected to the same IRC network could send a carefully crafted message that would crash the Konversation user client ...

NVD-CWE-noinfo https://www.debian.org/security/2017/dsa-4033 https://konversation.kde.org/https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0 https://lists.debian.org/debian-lts-announce/2017/11/msg00020.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881586 https://nvd.nist.gov https://www.debian.org/security/./dsa-4033

CVE-2017-15923

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect