In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.
References
Link | Resource |
---|---|
https://irssi.org/security/irssi_sa_2017_06.txt | Patch Vendor Advisory |
http://openwall.com/lists/oss-security/2017/06/06/4 | Mailing List Patch Third Party Advisory |
http://www.securityfocus.com/bid/99043 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038621 | Third Party Advisory VDB Entry |
http://www.debian.org/security/2017/dsa-3885 | Third Party Advisory |
Information
Published : 2017-06-06 18:29
Updated : 2019-03-14 12:07
NVD link : CVE-2017-9469
Mitre link : CVE-2017-9469
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
debian
- debian_linux
irssi
- irssi