CVE-2016-7044 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Irssi

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation11 documents7 sources

Severity

7.5HIGHNVD

EPSS

1.9%

top 16.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Irssi Debian Irssi Canonical Ubuntu Linux +1 more

Timeline

PublishedSep 27

Latest updateMay 17

Description

The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/irssi< irssi 0.8.20-1 (bookworm)

▶Debianirssi/irssi< 0.8.20-1+3

▶Ubuntuirssi/irssi< 0.8.19-1ubuntu1.2

▶NVDirssi/irssi0.8.19

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04

Patches

Patch: irssi.org ↗Patch: irssi.org ↗

🔴Vulnerability Details

GHSA

GHSA-pcc5-fpf6-mmhc: The unformat_24bit_color function in the format parsing code in Irssi before 0↗2022-05-17

▶

OSV

CVE-2016-7044: The unformat_24bit_color function in the format parsing code in Irssi before 0↗2016-09-27

▶

OSV

irssi vulnerabilities↗2016-09-21

▶

📋Vendor Advisories

Ubuntu

Irssi vulnerabilities↗2016-09-21

▶

Red Hat

irssi: Unchecked input in unformat_24bit_color() can lead to crash↗2016-09-21

▶

Debian

CVE-2016-7044: irssi - The unformat_24bit_color function in the format parsing code in Irssi before 0.8...↗2016

▶

💬Community

Bugzilla

CVE-2016-7044 CVE-2016-7045 irssi: various flaws [epel-5]↗2016-09-22

▶

Bugzilla

New upstream release patching CVE-2016-7044 and CVE-2016-7045↗2016-09-22

▶

Bugzilla

CVE-2016-7044 CVE-2016-7045 irssi: various flaws [fedora-all]↗2016-09-22

▶

Bugzilla

CVE-2016-7044 irssi: Unchecked input in unformat_24bit_color() can lead to crash↗2016-09-22

▶