Published: 07/06/2017 Updated: 14/03/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In Irssi prior to 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.

Vulnerable Product	Search on Vulmon	Subscribe to Product
irssi irssi
debian debian linux 9.0
debian debian linux 8.0

Debian Bug report logs - #864400 irssi: CVE-2017-9468 CVE-2017-9469 Package: src:irssi; Maintainer for src:irssi is Rhonda D'Vine <rhonda@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 8 Jun 2017 05:33:02 UTC Severity: important Tags: patch, security, upstream Found in version irssi/0 ...

Irssi could be made to crash if it received specially crafted network traffic ...

Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-9468 Joseph Bisch discovered that Irssi does not properly handle DCC messages without source nick/host A malicious IRC server can take advantage of this flaw ...

In Irssi before 103, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory Thus, remote attackers might be able to cause a crash ...

CWE-119 https://irssi.org/security/irssi_sa_2017_06.txt http://openwall.com/lists/oss-security/2017/06/06/4 http://www.securityfocus.com/bid/99043 http://www.securitytracker.com/id/1038621 http://www.debian.org/security/2017/dsa-3885 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864400 https://usn.ubuntu.com/3317-1/https://nvd.nist.gov

CVE-2017-9469

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect