Two vulnerabilities in Irssi
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2017-9468 CVE-2017-9469 |
| CWE-ID | CWE-476 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Irssi Client/Desktop applications / Messaging software |
| Vendor | Irssi.org |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Null pointer dereference
EUVDB-ID: #VU6954
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-9468
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to NULL pointer dereference. A remote attacker can return a specially crafted DCC message without a source nick or host value and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Update to version 1.0.3.
Vulnerable software versionsIrssi: 0.8.0 - 1.0.2
CPE2.3 External linkshttp://irssi.org/security/irssi_sa_2017_06.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Memory corruption
EUVDB-ID: #VU6955
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-9469
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to out-of-bounds memory error. A remote attacker can send specially crafted incorrectly quoted DCC files and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Update to version 1.0.3.
Vulnerable software versionsIrssi: 0.8.0 - 1.0.2
CPE2.3 External linkshttp://irssi.org/security/irssi_sa_2017_06.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
