Detections
Analytics
Alpine: multiple irssi packages: security update to 0.8.21-r0
high Tenable Self-Hosted Container Security Plugin ID 405007
Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:- The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL
pointer dereference and crash) via a message without a nick. (CVE-2017-5193)
- Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service
(crash) via an invalid nick message. (CVE-2017-5194)
- Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and
crash) via a crafted ANSI x8 color code. (CVE-2017-5195)
- Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and
crash) via vectors involving strings that are not UTF8. (CVE-2017-5196)
- Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash)
via a string containing a formatting sequence (%[) without a closing bracket (]). (CVE-2017-5356)
See Also
https://security.alpinelinux.org/vuln/CVE-2017-5193
https://security.alpinelinux.org/vuln/CVE-2017-5194
https://security.alpinelinux.org/vuln/CVE-2017-5195
Plugin Details
Severity: High
ID: 405007
Version: Revision 1.24
Type: Local
Published: 10/31/2023
Updated: 3/12/2025
Supported Sensors: Agentless Assessment
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2017-5356
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 1/5/2017
Reference Information
CVE: CVE-2017-5193, CVE-2017-5194, CVE-2017-5195, CVE-2017-5196, CVE-2017-5356