CVE-2017-15722 — Out-of-bounds Read in Irssi

CWE-125 — Out-of-bounds Read9 documents7 sources

Severity

5.9MEDIUMNVD

OSV9.8

EPSS

0.7%

top 28.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Irssi Debian Irssi Debian Linux

Timeline

PublishedOct 22

Latest updateMay 14

Description

In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/irssi< irssi 1.0.5-1 (bookworm)

▶Debianirssi/irssi< 1.0.5-1+3

▶Ubuntuirssi/irssi< 0.8.15-5ubuntu3.3+1

▶NVDirssi/irssi1.0.4

Also affects: Debian Linux 7.0, 8.0, 9.0

Patches

Patch: openwall.com ↗Patch: irssi.org ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-63fm-gg2w-fv97: In certain cases, Irssi before 1↗2022-05-14

▶

OSV

irssi vulnerabilities↗2017-10-26

▶

OSV

CVE-2017-15722: In certain cases, Irssi before 1↗2017-10-22

▶

📋Vendor Advisories

Ubuntu

Irssi vulnerabilities↗2017-10-26

▶

Red Hat

irssi: Out-of-bounds access while verifying that a Safe channel ID is long enough↗2017-10-22

▶

Debian

CVE-2017-15722: irssi - In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID i...↗2017

▶

💬Community

Bugzilla

CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722 CVE-2017-15723 irssi: various flaws [fedora-all]↗2017-11-08

▶

Bugzilla

CVE-2017-15722 irssi: Out-of-bounds access while verifying that a Safe channel ID is long enough↗2017-11-08

▶