Vulnerability Name: CVE-2017-9469 (CCN-126877)

Assigned: 2017-06-06
Published: 2017-06-06
Updated: 2019-03-14
Summary: In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-119
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2017-9469

Source: CONFIRM
Type: Mailing List, Patch, Third Party Advisory
http://openwall.com/lists/oss-security/2017/06/06/4

Source: DEBIAN
Type: Third Party Advisory
DSA-3885

Source: BID
Type: Third Party Advisory, VDB Entry
99043

Source: CCN
Type: BID-99043
Irssi CVE-2017-9469 Denial of Service Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1038621

Source: XF
Type: UNKNOWN
irssi-cve20179469-dos(126877)

Source: CCN
Type: IRSSI-SA-2017-06 Irssi Security Advisory
Two vulnerabilities have been located in Irssi

Source: CONFIRM
Type: Patch, Vendor Advisory
https://irssi.org/security/irssi_sa_2017_06.txt

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:irssi:irssi:*:*:*:*:*:*:*:* (Version <= 1.0.2)

Configuration 2:
  • cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:irssi:irssi:1.0.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20179469 | V | CVE-2017-9469 | 2022-06-30
oval:org.opensuse.security:def:112443 | P | irssi-1.2.3-2.4 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:105949 | P | irssi-1.2.3-2.4 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:25662 | P | Security update for apache-commons-httpclient (Important) | 2020-12-01
oval:org.opensuse.security:def:25135 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:25507 | P | Security update for git (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24933 | P | Security update for libvirt (Important) | 2020-12-01
oval:org.opensuse.security:def:25706 | P | Security update for mariadb (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25216 | P | Security update for permissions (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25560 | P | Security update for openldap2 (Important) | 2020-12-01
oval:org.opensuse.security:def:24944 | P | Security update for ghostscript (Important) | 2020-12-01
oval:org.opensuse.security:def:26344 | P | Security update for mbedtls (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25273 | P | Security update for ceph (Important) | 2020-12-01
oval:org.opensuse.security:def:25648 | P | Security update for python36 (Important) | 2020-12-01
oval:org.opensuse.security:def:25008 | P | Security update for perl (Important) | 2020-12-01
oval:org.opensuse.security:def:26379 | P | Security update for irssi (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25357 | P | Security update for squid (Important) | 2020-12-01
oval:com.ubuntu.xenial:def:201794690000000 | V | CVE-2017-9469 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-06-07
oval:com.ubuntu.trusty:def:20179469000 | V | CVE-2017-9469 on Ubuntu 14.04 LTS (trusty) - medium. | 2017-06-06
oval:com.ubuntu.xenial:def:20179469000 | V | CVE-2017-9469 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-06-06
    irssi irssi *
    debian debian linux 8.0
    debian debian linux 9.0
    irssi irssi 1.0.1