Vulnerability Description
In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Irssi | Irssi | <= 1.0.2 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://openwall.com/lists/oss-security/2017/06/06/4 (Mailing List, Patch, Third Party Advisory)
- http://www.debian.org/security/2017/dsa-3885 (Third Party Advisory)
- http://www.securityfocus.com/bid/99043 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1038621 (Third Party Advisory, VDB Entry)
- https://irssi.org/security/irssi_sa_2017_06.txt (Patch, Vendor Advisory)
FAQ
What is CVE-2017-9469?
CVE-2017-9469 is a vulnerability with a CVSS score of 7.5 (HIGH). In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a...
How severe is CVE-2017-9469?
CVE-2017-9469 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-9469?
Check the references section above for vendor advisories and patch information. Affected products include: Irssi Irssi, Debian Debian Linux.