FreeBSD : Irssi -- multiple vulnerabilities (3d6be69b-d365-11e6-a071-001e67f15f5a)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Irssi reports :

Five vulnerabilities have been located in Irssi

- A NULL pointer dereference in the nickcmp function found by Joseph
Bisch. (CWE-690)

- Use after free when receiving invalid nick message (Issue #466,
CWE-146)

- Out of bounds read in certain incomplete control codes found by
Joseph Bisch. (CWE-126)

- Out of bounds read in certain incomplete character sequences found
by Hanno Bock and independently by J. Bisch. (CWE-126)

- Out of bounds read when Printing the value '%['. Found by Hanno
Bock. (CWE-126)

These issues may result in denial of service (remote crash).

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215800
https://irssi.org/security/irssi_sa_2017_01.txt
http://www.nessus.org/u?b3fcf9cc

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 96322 ()

Bugtraq ID:

CVE ID: CVE-2017-5193
CVE-2017-5194
CVE-2017-5195
CVE-2017-5196
CVE-2017-5356

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now