DSA-3885-1 irssi -- irssiID: oval:org.secpod.oval:def:70571 | Date: (C)2021-04-01 (M)2022-10-10 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-9468 Joseph Bisch discovered that Irssi does not properly handle DCC messages without source nick/host. A malicious IRC server can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service. CVE-2017-9469 Joseph Bisch discovered that Irssi does not properly handle receiving incorrectly quoted DCC files. A remote attacker can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.