Lucene search

UbuntuUSN-3465-1

HistoryOct 26, 2017 - 12:00 a.m.

Irssi vulnerabilities

2017-10-2600:00:00

ubuntu.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.4%

JSON

Releases

Ubuntu 17.10
Ubuntu 17.04
Ubuntu 16.04 ESM
Ubuntu 14.04 ESM

Packages

irssi - terminal based IRC client

Details

Brian Carpenter discovered that Irssi incorrectly handled messages with
invalid time stamps. A malicious IRC server could use this issue to cause
Irssi to crash, resulting in a denial of service. (CVE-2017-10965)

Brian Carpenter discovered that Irssi incorrectly handled the internal nick
list. A malicious IRC server could use this issue to cause Irssi to crash,
resulting in a denial of service. (CVE-2017-10966)

Joseph Bisch discovered that Irssi incorrectly removed destroyed channels
from the query list. A malicious IRC server could use this issue to cause
Irssi to crash, resulting in a denial of service. (CVE-2017-15227)

Hanno Böck discovered that Irssi incorrectly handled themes. If a user were
tricked into using a malicious theme, a attacker could use this issue to
cause Irssi to crash, resulting in a denial of service. (CVE-2017-15228)

Joseph Bisch discovered that Irssi incorrectly handled certain DCC CTCP
messages. A malicious IRC server could use this issue to cause Irssi to
crash, resulting in a denial of service. (CVE-2017-15721)

Joseph Bisch discovered that Irssi incorrectly handled certain channel IDs.
A malicious IRC server could use this issue to cause Irssi to crash,
resulting in a denial of service. (CVE-2017-15722)

Joseph Bisch discovered that Irssi incorrectly handled certain long nicks
or targets. A malicious IRC server could use this issue to cause Irssi to
crash, resulting in a denial of service. (CVE-2017-15723)

OSVersionArchitecturePackageVersionFilename
Ubuntu17.10noarchirssi< 1.0.4-1ubuntu2.1UNKNOWN
Ubuntu17.10noarchirssi-dbgsym< 1.0.4-1ubuntu2.1UNKNOWN
Ubuntu17.10noarchirssi-dev< 1.0.4-1ubuntu2.1UNKNOWN
Ubuntu17.04noarchirssi< 0.8.20-2ubuntu2.2UNKNOWN
Ubuntu17.04noarchirssi-dbgsym< 0.8.20-2ubuntu2.2UNKNOWN
Ubuntu17.04noarchirssi-dev< 0.8.20-2ubuntu2.2UNKNOWN
Ubuntu16.04noarchirssi< 0.8.19-1ubuntu1.5UNKNOWN
Ubuntu16.04noarchirssi-dbg< 0.8.19-1ubuntu1.5UNKNOWN
Ubuntu16.04noarchirssi-dbgsym< 0.8.19-1ubuntu1.5UNKNOWN
Ubuntu16.04noarchirssi-dev< 0.8.19-1ubuntu1.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	17.10	noarch	irssi	< 1.0.4-1ubuntu2.1	UNKNOWN
Ubuntu	17.10	noarch	irssi-dbgsym	< 1.0.4-1ubuntu2.1	UNKNOWN
Ubuntu	17.10	noarch	irssi-dev	< 1.0.4-1ubuntu2.1	UNKNOWN
Ubuntu	17.04	noarch	irssi	< 0.8.20-2ubuntu2.2	UNKNOWN
Ubuntu	17.04	noarch	irssi-dbgsym	< 0.8.20-2ubuntu2.2	UNKNOWN
Ubuntu	17.04	noarch	irssi-dev	< 0.8.20-2ubuntu2.2	UNKNOWN
Ubuntu	16.04	noarch	irssi	< 0.8.19-1ubuntu1.5	UNKNOWN
Ubuntu	16.04	noarch	irssi-dbg	< 0.8.19-1ubuntu1.5	UNKNOWN
Ubuntu	16.04	noarch	irssi-dbgsym	< 0.8.19-1ubuntu1.5	UNKNOWN
Ubuntu	16.04	noarch	irssi-dev	< 0.8.19-1ubuntu1.5	UNKNOWN