Alpine: multiple irssi packages: security update to 1.0.3-r0 (deprecated)

Critical | Tenable Self-Hosted Container Security | Plugin ID 400859

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi
would try to dereference a NULL pointer. (CVE-2017-10965)

- An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could
incorrectly use the GHashTable interface and free the nick while updating it. This would then result in
use-after-free conditions on each access of the hash table. (CVE-2017-10966)

See Also

https://git.alpinelinux.org/aports/commit/?id=255a2e7c04fb35198c757ec5e35769516dee9ef9

https://git.alpinelinux.org/aports/commit/?id=9bc3f54fec9312929bb5b10107eb3b13e44227bb

Plugin Details

Severity: Critical

ID: 400859

Version: Revision 1.22

Type: Local

Published: 8/16/2023

Updated: 1/17/2024

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-10966

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 7/8/2017

Vulnerability Publication Date: 7/7/2017

Reference Information

CVE: CVE-2017-10965, CVE-2017-10966