CVE-2017-9469 Information

Description

In Irssi before 1.0.3 when receiving certain incorrectly quoted DCC files it tries to find the terminating quote one byte before the allocated memory. Thus remote attackers might be able to cause a crash.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://openwall.com/lists/oss-security/2017/06/06/4 http://www.debian.org/security/2017/dsa-3885 http://www.securityfocus.com/bid/99043 http://www.securitytracker.com/id/1038621 https://irssi.org/security/irssi_sa_2017_06.txt

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5