CVE-2017-15228 — Out-of-bounds Read in Irssi

CWE-125 — Out-of-bounds Read9 documents7 sources

Severity

7.5HIGHNVD

OSV9.8

EPSS

0.4%

top 42.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Irssi Debian Irssi

Timeline

PublishedOct 22

Latest updateMay 14

Description

Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/irssi< irssi 1.0.5-1 (bookworm)

▶Debianirssi/irssi< 1.0.5-1+3

▶Ubuntuirssi/irssi< 0.8.15-5ubuntu3.3+1

▶NVDirssi/irssi1.0.4

Patches

Patch: openwall.com ↗Patch: irssi.org ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-9pjj-33mj-c4qq: Irssi before 1↗2022-05-14

▶

OSV

irssi vulnerabilities↗2017-10-26

▶

OSV

CVE-2017-15228: Irssi before 1↗2017-10-22

▶

📋Vendor Advisories

Ubuntu

Irssi vulnerabilities↗2017-10-26

▶

Red Hat

irssi: Out-of-bounds access when installing themes with unterminated colour formatting sequences↗2017-10-22

▶

Debian

CVE-2017-15228: irssi - Irssi before 1.0.5, when installing themes with unterminated colour formatting s...↗2017

▶

💬Community

Bugzilla

CVE-2017-15228 irssi: Out-of-bounds access when installing themes with unterminated colour formatting sequences↗2017-11-08

▶

Bugzilla

CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722 CVE-2017-15723 irssi: various flaws [fedora-all]↗2017-11-08

▶