CVE-2017-9468NULL Pointer Dereference in Irssi

CWE-476NULL Pointer Dereference15 documents7 sources
Severity
7.5HIGHNVD
EPSS
1.4%
top 19.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IrssiDebian IrssiDebian Linux
Timeline
PublishedJun 7
Latest updateMay 14

Description

In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

debiandebian/irssi< irssi 1.0.5-1 (bookworm)+1
Debianirssi/irssi< 1.0.5-1+7
Ubuntuirssi/irssi< 0.8.15-5ubuntu3.2+1
NVDirssi/irssi1.0.2+1

Also affects: Debian Linux 7.0, 8.0, 9.0

Patches

Patch: openwall.comPatch: irssi.orgPatch: openwall.com

🔴Vulnerability Details

5
GHSA
GHSA-8366-xqph-v5cf: In Irssi before 12022-05-14
GHSA
GHSA-v58c-vj35-4q53: In Irssi before 12022-05-14
OSV
CVE-2017-15721: In Irssi before 12017-10-22
OSV
irssi vulnerabilities2017-06-12
OSV
CVE-2017-9468: In Irssi before 12017-06-07

📋Vendor Advisories

5
Red Hat
irssi: NULL pointer dereference due to incorrectly formatted DCC CTCP messages2017-10-22
Ubuntu
Irssi vulnerabilities2017-06-12
Red Hat
irssi: Null pointer dereference while receiving a DCC message without source nick/host2017-06-07
Debian
CVE-2017-15721: irssi - In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cau...2017
Debian
CVE-2017-9468: irssi - In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it...2017

💬Community

3
Bugzilla
CVE-2017-15721 irssi: NULL pointer dereference due to incorrectly formatted DCC CTCP messages2017-11-08
Bugzilla
CVE-2017-9468 CVE-2017-9469 irssi: various flaws [fedora-all]2017-06-07
Bugzilla
CVE-2017-9468 irssi: Null pointer dereference while receiving a DCC message without source nick/host2017-06-07
CVE-2017-9468 — NULL Pointer Dereference in Irssi | cvebase