Debian: DSA-4016-1 Critical: Irssi Denial of Service Issues
debian
November 3, 2017
Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client
Topics Covered
Summary
CVE-2017-10965
Brian 'geeknik' Carpenter of Geeknik Labs discovered that Irssi does
not properly handle receiving messages with invalid time stamps. A
malicious IRC server can take advantage of this flaw to cause Irssi
to crash, resulting in a denial of service.
CVE-2017-10966
Brian 'geeknik' Carpenter of Geeknik Labs discovered that Irssi is
susceptible to a use-after-free flaw triggered while updating the
internal nick list. A malicious IRC server can take advantage of
this flaw to cause Irssi to crash, resulting in a denial of service.
CVE-2017-15227
Joseph Bisch discovered that while waiting for the channel
synchronisation, Irssi may incorrectly fail to remove destroyed
channels from the query list, resulting in use after free conditions
when updating the state later on. A malicious IRC server can take
advantage of this flaw to cause Irssi to crash, resulting in a
denial of service.
CVE-2017-15228
Hanno Boeck reported that Irssi does not...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: irssi
CVE ID: CVE-2017-10965 CVE-2017-10966 CVE-2017-15227 CVE-2017-15228
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!