CVE-2017-9469

HIGH

Irssi < 1.0.3 - Denial of Service via Incorrectly Quoted DCC Files


Description

Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.

References (5)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3885
Mailing List, Patch, Third Party Advisory x_refsource_confirm
http://openwall.com/lists/oss-security/2017/06/06/4
Patch, Vendor Advisory x_refsource_confirm
https://irssi.org/security/irssi_sa_2017_06.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99043
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038621

Scores

CVSS v3 7.5
EPSS 0.0608
EPSS Percentile 92.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-119
Status published
Products (3)
debian/debian_linux 8.0
debian/debian_linux 9.0
irssi/irssi < 1.0.2
Published Jun 07, 2017
Tracked Since Feb 18, 2026