In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.
http://www.securitytracker.com/id/1038621
http://www.securityfocus.com/bid/99043
http://www.debian.org/security/2017/dsa-3885
http://openwall.com/lists/oss-security/2017/06/06/4
https://irssi.org/security/irssi_sa_2017_06.txt
Source: Mitre, NVD
Published: 2017-06-07
Updated: 2025-04-20
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: Medium
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: High
EPSS: 0.02176