CVE-2017-9469
Published: 6 June 2017
In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.
Priority
Status
Package | Release | Status |
---|---|---|
irssi Launchpad, Ubuntu, Debian |
trusty |
Released
(0.8.15-5ubuntu3.2)
|
upstream |
Needs triage
|
|
xenial |
Released
(0.8.19-1ubuntu1.4)
|
|
yakkety |
Released
(0.8.19-1ubuntu2.2)
|
|
zesty |
Released
(0.8.20-2ubuntu2.1)
|
|
Patches: upstream: https://github.com/irssi/irssi/commit/30a92754bb650c3dedd507d41110443142899a65 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |