CVE-2016-7045 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Irssi

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation11 documents7 sources

Severity

7.5HIGHNVD

EPSS

1.9%

top 16.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Irssi Debian Irssi Canonical Ubuntu Linux +1 more

Timeline

PublishedSep 27

Latest updateMay 17

Description

The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/irssi< irssi 0.8.20-1 (bookworm)

▶Debianirssi/irssi< 0.8.20-1+3

▶Ubuntuirssi/irssi< 0.8.19-1ubuntu1.2

▶NVDirssi/irssi0.8.19

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04

Patches

Patch: irssi.org ↗Patch: irssi.org ↗

🔴Vulnerability Details

GHSA

GHSA-f47r-27qv-728c: The format_send_to_gui function in the format parsing code in Irssi before 0↗2022-05-17

▶

OSV

CVE-2016-7045: The format_send_to_gui function in the format parsing code in Irssi before 0↗2016-09-27

▶

OSV

irssi vulnerabilities↗2016-09-21

▶

📋Vendor Advisories

Red Hat

irssi: String length not validated in format_send_to_gui() causing crash↗2016-09-21

▶

Ubuntu

Irssi vulnerabilities↗2016-09-21

▶

Debian

CVE-2016-7045: irssi - The format_send_to_gui function in the format parsing code in Irssi before 0.8.2...↗2016

▶

💬Community

Bugzilla

CVE-2016-7045 irssi: String length not validated in format_send_to_gui() causing crash↗2016-09-22

▶

Bugzilla

CVE-2016-7044 CVE-2016-7045 irssi: various flaws [epel-5]↗2016-09-22

▶

Bugzilla

New upstream release patching CVE-2016-7044 and CVE-2016-7045↗2016-09-22

▶

Bugzilla

CVE-2016-7044 CVE-2016-7045 irssi: various flaws [fedora-all]↗2016-09-22

▶