oss-sec mailing list archives
Re: CVE-2017-9468, CVE-2017-9469: Irssi Security Advisory 2017/06
From: Ailin Nemui <ailin.nemui () gmail com>
Date: Wed, 07 Jun 2017 10:18:31 +0200
On Tue, 2017-06-06 at 23:31 +0200, Ailin Nemui wrote:
(a) When receiving a DCC message without source nick/host, Irssi would attempt to dereference a NULL pointer. Found by Joseph Bisch. (CWE-690)
CVE-2017-9468 [2] was assigned to this bug
(b) When receiving certain incorrectly quoted DCC files, Irssi would try to find the terminating quote one byte before the allocated memory. Found by Joseph Bisch. (CWE-129, CWE-127)
CVE-2017-9469 [3] was assigned to this bug [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9468 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9469
Current thread:
- FYI: Irssi Security Advisory 2017/06 Ailin Nemui (Jun 06)
- Re: CVE-2017-9468, CVE-2017-9469: Irssi Security Advisory 2017/06 Ailin Nemui (Jun 07)