oss-sec mailing list archives

Re: CVE-2017-9468, CVE-2017-9469: Irssi Security Advisory 2017/06

From: Ailin Nemui <ailin.nemui () gmail com>
Date: Wed, 07 Jun 2017 10:18:31 +0200

On Tue, 2017-06-06 at 23:31 +0200, Ailin Nemui wrote:

(a) When receiving a DCC message without source nick/host, Irssi would
    attempt to dereference a NULL pointer. Found by Joseph
    Bisch. (CWE-690)


      CVE-2017-9468 [2] was assigned to this bug

(b) When receiving certain incorrectly quoted DCC files, Irssi would
    try to find the terminating quote one byte before the allocated
    memory. Found by Joseph Bisch. (CWE-129, CWE-127)


      CVE-2017-9469 [3] was assigned to this bug

[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9468
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9469

Current thread:

FYI: Irssi Security Advisory 2017/06 Ailin Nemui (Jun 06)
- Re: CVE-2017-9468, CVE-2017-9469: Irssi Security Advisory 2017/06 Ailin Nemui (Jun 07)