CVE-2017-9469

high

Description

In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.

References

http://openwall.com/lists/oss-security/2017/06/06/4

http://www.debian.org/security/2017/dsa-3885

http://www.securityfocus.com/bid/99043

http://www.securitytracker.com/id/1038621

https://irssi.org/security/irssi_sa_2017_06.txt

Details

Source: MITRE

Published: 2017-06-07

Updated: 2019-03-14

Type: CWE-119

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH