{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3885", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3885"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://openwall.com/lists/oss-security/2017/06/06/4"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://irssi.org/security/irssi_sa_2017_06.txt"}, {"name": "99015", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99015"}, {"name": "1038621", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038621"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9468", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3885", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3885"}, {"name": "http://openwall.com/lists/oss-security/2017/06/06/4", "refsource": "CONFIRM", "url": "http://openwall.com/lists/oss-security/2017/06/06/4"}, {"name": "https://irssi.org/security/irssi_sa_2017_06.txt", "refsource": "CONFIRM", "url": "https://irssi.org/security/irssi_sa_2017_06.txt"}, {"name": "99015", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99015"}, {"name": "1038621", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038621"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:11:02.140Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3885", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3885"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2017/06/06/4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://irssi.org/security/irssi_sa_2017_06.txt"}, {"name": "99015", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99015"}, {"name": "1038621", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038621"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9468", "datePublished": "2017-06-07T01:00:00", "dateReserved": "2017-06-06T00:00:00", "dateUpdated": "2024-08-05T17:11:02.140Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF02C057-AE3D-4181-A03D-1DF35EC81F30", "versionEndIncluding": "1.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash."}, {"lang": "es", "value": "En Irssi anterior a versi\u00f3n 1.0.3, durante la recepci\u00f3n de un mensaje DCC sin nick/host de origen, intenta la desreferencia de un puntero NULL. Por lo tanto, los servidores IRC remotos pueden causar un bloqueo."}], "id": "CVE-2017-9468", "lastModified": "2019-03-14T18:45:46.903", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-07T01:29:01.080", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2017/06/06/4"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3885"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99015"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038621"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://irssi.org/security/irssi_sa_2017_06.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "irssi: Null pointer dereference while receiving a DCC message without source nick/host", "id": "1459456", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459456"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-476", "details": ["In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.", "A null pointer dereference was found in the way irssi handles DCC messages that do not contain a source nick/host. A malicious IRC server could be used to crash an irssi client by sending a specially crafted DCC message."], "name": "CVE-2017-9468", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "irssi", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "irssi", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2017-06-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-9468\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9468\nhttps://irssi.org/security/irssi_sa_2017_06.txt"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low", "upstream_fix": "irssi 1.0.3"}