CVE-2017-9469
HIGHIrssi < 1.0.3 - Denial of Service via Incorrectly Quoted DCC Files
Title source: llmDescription
In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.
References (5)
Core 5
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3885
Mailing List, Patch, Third Party Advisory x_refsource_confirm
http://openwall.com/lists/oss-security/2017/06/06/4
Patch, Vendor Advisory x_refsource_confirm
https://irssi.org/security/irssi_sa_2017_06.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99043
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038621
Scores
CVSS v3
7.5
EPSS
0.0608
EPSS Percentile
92.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (3)
debian/debian_linux
8.0
debian/debian_linux
9.0
irssi/irssi
< 1.0.2
Published
Jun 07, 2017
Tracked Since
Feb 18, 2026