CVE-2017-15721 — NULL Pointer Dereference in Irssi

CWE-476 — NULL Pointer Dereference9 documents7 sources

Severity

7.5HIGHNVD

OSV9.8

EPSS

0.7%

top 27.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Irssi Debian Irssi Debian Linux

Timeline

PublishedOct 22

Latest updateMay 14

Description

In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/irssi< irssi 1.0.5-1 (bookworm)

▶Debianirssi/irssi< 1.0.5-1+3

▶Ubuntuirssi/irssi< 0.8.15-5ubuntu3.3+1

▶NVDirssi/irssi1.0.4

Also affects: Debian Linux 7.0, 8.0, 9.0

Patches

Patch: openwall.com ↗Patch: irssi.org ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-v58c-vj35-4q53: In Irssi before 1↗2022-05-14

▶

OSV

irssi vulnerabilities↗2017-10-26

▶

OSV

CVE-2017-15721: In Irssi before 1↗2017-10-22

▶

📋Vendor Advisories

Ubuntu

Irssi vulnerabilities↗2017-10-26

▶

Red Hat

irssi: NULL pointer dereference due to incorrectly formatted DCC CTCP messages↗2017-10-22

▶

Debian

CVE-2017-15721: irssi - In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cau...↗2017

▶

💬Community

Bugzilla

CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722 CVE-2017-15723 irssi: various flaws [fedora-all]↗2017-11-08

▶

Bugzilla

CVE-2017-15721 irssi: NULL pointer dereference due to incorrectly formatted DCC CTCP messages↗2017-11-08

▶