CVE-2017-9468
Ubuntu Security Notice USN-3317-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.
En Irssi anterior a versiĆ³n 1.0.3, durante la recepciĆ³n de un mensaje DCC sin nick/host de origen, intenta la desreferencia de un puntero NULL. Por lo tanto, los servidores IRC remotos pueden causar un bloqueo.
It was discovered that Irssi incorrectly handled certain DCC messages. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. Joseph Bisch discovered that Irssi incorrectly handled receiving incorrectly quoted DCC files. A remote attacker could possibly use this issue to cause Irssi to crash, resulting in a denial of service. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-06-06 CVE Reserved
- 2017-06-07 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/99015 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038621 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://openwall.com/lists/oss-security/2017/06/06/4 | 2019-03-14 | |
| https://irssi.org/security/irssi_sa_2017_06.txt | 2019-03-14 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3885 | 2019-03-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Irssi Search vendor "Irssi" | Irssi Search vendor "Irssi" for product "Irssi" | <= 1.0.2 Search vendor "Irssi" for product "Irssi" and version " <= 1.0.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||