Vulnerabilities > CVE-2017-10965 - NULL Pointer Dereference vulnerability in Irssi

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
irssi
CWE-476
critical
nessus

Summary

An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-797.NASL
    descriptionThis update for irssi to version fixes the following issues : - CVE-2017-10965: A malicious server could cause irssi to crash by providing an invalid timestamp - CVE-2017-10966: Undefined behavior may be triggered when irssi updates the internal nick list A number of minor upstream bug fixes are also included.
    last seen2020-06-05
    modified2017-07-10
    plugin id101347
    published2017-07-10
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/101347
    titleopenSUSE Security Update : irssi (openSUSE-2017-797)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-797.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101347);
      script_version("3.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-10965", "CVE-2017-10966");
    
      script_name(english:"openSUSE Security Update : irssi (openSUSE-2017-797)");
      script_summary(english:"Check for the openSUSE-2017-797 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for irssi to version fixes the following issues :
    
      - CVE-2017-10965: A malicious server could cause irssi to
        crash by providing an invalid timestamp
    
      - CVE-2017-10966: Undefined behavior may be triggered when
        irssi updates the internal nick list
    
    A number of minor upstream bug fixes are also included."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047709"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected irssi packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:irssi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:irssi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:irssi-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:irssi-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"irssi-1.0.4-14.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"irssi-debuginfo-1.0.4-14.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"irssi-debugsource-1.0.4-14.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"irssi-devel-1.0.4-14.10.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "irssi / irssi-debuginfo / irssi-debugsource / irssi-devel");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-90AD72E684.NASL
    descriptionThis is an update fixing CVE-2017-10965 and CVE-2017-10966. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-08-11
    plugin id102396
    published2017-08-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102396
    titleFedora 25 : irssi (2017-90ad72e684)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-90ad72e684.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(102396);
      script_version("3.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-10965", "CVE-2017-10966");
      script_xref(name:"FEDORA", value:"2017-90ad72e684");
    
      script_name(english:"Fedora 25 : irssi (2017-90ad72e684)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This is an update fixing CVE-2017-10965 and CVE-2017-10966.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-90ad72e684"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected irssi package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:irssi");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC25", reference:"irssi-1.0.4-1.fc25")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "irssi");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2017-190-01.NASL
    descriptionNew irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101317
    published2017-07-10
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/101317
    titleSlackware 14.0 / 14.1 / 14.2 / current : irssi (SSA:2017-190-01)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2017-190-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101317);
      script_version("$Revision: 3.3 $");
      script_cvs_date("$Date: 2018/01/26 17:50:31 $");
    
      script_cve_id("CVE-2017-10965", "CVE-2017-10966");
      script_xref(name:"SSA", value:"2017-190-01");
    
      script_name(english:"Slackware 14.0 / 14.1 / 14.2 / current : irssi (SSA:2017-190-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New irssi packages are available for Slackware 14.0, 14.1, 14.2, and
    -current to fix security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.436661
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3e4fef16"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected irssi package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:irssi");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"14.0", pkgname:"irssi", pkgver:"1.0.4", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++;
    if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"irssi", pkgver:"1.0.4", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++;
    
    if (slackware_check(osver:"14.1", pkgname:"irssi", pkgver:"1.0.4", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"irssi", pkgver:"1.0.4", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;
    
    if (slackware_check(osver:"14.2", pkgname:"irssi", pkgver:"1.0.4", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"irssi", pkgver:"1.0.4", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"irssi", pkgver:"1.0.4", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"irssi", pkgver:"1.0.4", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1971.NASL
    descriptionAccording to the versions of the irssi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.(CVE-2017-5193) - Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.(CVE-2017-5194) - Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]).(CVE-2017-5356) - In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.(CVE-2017-9468) - In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.(CVE-2017-9469) - An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.(CVE-2017-10965) - An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table.(CVE-2017-10966) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-23
    plugin id129128
    published2019-09-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129128
    titleEulerOS 2.0 SP5 : irssi (EulerOS-SA-2019-1971)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_31001C6B63E711E785AAA4BADB2F4699.NASL
    descriptionirssi reports : When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in use-after-free conditions on each access of the hash table.
    last seen2020-06-01
    modified2020-06-02
    plugin id101330
    published2017-07-10
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101330
    titleFreeBSD : irssi -- multiple vulnerabilities (31001c6b-63e7-11e7-85aa-a4badb2f4699)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1089.NASL
    descriptionSome Irssi issues were found : CVE-2017-10965 An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. CVE-2017-10966 An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table. For Debian 7
    last seen2020-03-17
    modified2017-09-06
    plugin id102962
    published2017-09-06
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102962
    titleDebian DLA-1089-1 : irssi security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4016.NASL
    descriptionMultiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2017-10965 Brian
    last seen2020-06-01
    modified2020-06-02
    plugin id104400
    published2017-11-06
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104400
    titleDebian DSA-4016-1 : irssi - security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3465-1.NASL
    descriptionBrian Carpenter discovered that Irssi incorrectly handled messages with invalid time stamps. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-10965) Brian Carpenter discovered that Irssi incorrectly handled the internal nick list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-10966) Joseph Bisch discovered that Irssi incorrectly removed destroyed channels from the query list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15227) Hanno Bock discovered that Irssi incorrectly handled themes. If a user were tricked into using a malicious theme, a attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15228) Joseph Bisch discovered that Irssi incorrectly handled certain DCC CTCP messages. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15721) Joseph Bisch discovered that Irssi incorrectly handled certain channel IDs. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15722) Joseph Bisch discovered that Irssi incorrectly handled certain long nicks or targets. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15723). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104212
    published2017-10-27
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104212
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : irssi vulnerabilities (USN-3465-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2477.NASL
    descriptionAccording to the versions of the irssi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.(CVE-2018-5208) - When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.(CVE-2018-5205) - When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.(CVE-2018-5206) - When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.(CVE-2018-5207) - The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.(CVE-2017-5193) - Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.(CVE-2017-5194) - Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]).(CVE-2017-5356) - In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.(CVE-2017-9468) - In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.(CVE-2017-9469) - An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.(CVE-2017-10965) - An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table.(CVE-2017-10966) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-04
    plugin id131630
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131630
    titleEulerOS 2.0 SP2 : irssi (EulerOS-SA-2019-2477)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2595.NASL
    descriptionAccording to the versions of the irssi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.(CVE-2017-10965) - An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table.(CVE-2017-10966) - In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.(CVE-2017-9468) - In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.(CVE-2017-9469) - In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.(CVE-2018-5208) - Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]).(CVE-2017-5356) - The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.(CVE-2017-5193) - Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.(CVE-2017-5194) - When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.(CVE-2018-5206) - When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.(CVE-2018-5207) - When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.(CVE-2018-5205) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-18
    plugin id132130
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132130
    titleEulerOS 2.0 SP3 : irssi (EulerOS-SA-2019-2595)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-114E1ABF9D.NASL
    descriptionThis is an update fixing CVE-2017-10965 and CVE-2017-10966. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-20
    plugin id101825
    published2017-07-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101825
    titleFedora 26 : irssi (2017-114e1abf9d)