CVE-2017-9469 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Irssi

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-129 — Improper Validation of Array Index9 documents7 sources

Severity

7.5HIGHNVD

EPSS

2.2%

top 15.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Irssi Debian Irssi Debian Linux

Timeline

PublishedJun 7

Latest updateMay 14

Description

In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/irssi< irssi 1.0.3-1 (bookworm)

▶Debianirssi/irssi< 1.0.3-1+3

▶Ubuntuirssi/irssi< 0.8.15-5ubuntu3.2+1

▶NVDirssi/irssi1.0.2

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: openwall.com ↗Patch: irssi.org ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-4fcw-x547-92cj: In Irssi before 1↗2022-05-14

▶

OSV

irssi vulnerabilities↗2017-06-12

▶

OSV

CVE-2017-9469: In Irssi before 1↗2017-06-07

▶

📋Vendor Advisories

Ubuntu

Irssi vulnerabilities↗2017-06-12

▶

Red Hat

irssi: Invalid read when receiving certain incorrectly quoted DCC files↗2017-06-07

▶

Debian

CVE-2017-9469: irssi - In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it t...↗2017

▶

💬Community

Bugzilla

CVE-2017-9468 CVE-2017-9469 irssi: various flaws [fedora-all]↗2017-06-07

▶

Bugzilla

CVE-2017-9469 irssi: Invalid read when receiving certain incorrectly quoted DCC files↗2017-06-07

▶