CVE-2017-9469

high

Description

In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.

References

Advisories
More

http://www.securitytracker.com/id/1038621

http://www.securityfocus.com/bid/99043

http://www.debian.org/security/2017/dsa-3885

http://openwall.com/lists/oss-security/2017/06/06/4

https://irssi.org/security/irssi_sa_2017_06.txt

Details

Source: Mitre, NVD

Published: 2017-06-07

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.02176

Detections

Analytics