summaryrefslogtreecommitdiff
path: root/security/irssi_sa_2017_01.txt
diff options
context:
space:
mode:
Diffstat (limited to 'security/irssi_sa_2017_01.txt')
-rw-r--r--security/irssi_sa_2017_01.txt14
1 files changed, 13 insertions, 1 deletions
diff --git a/security/irssi_sa_2017_01.txt b/security/irssi_sa_2017_01.txt
index d8e6850..17dcb6e 100644
--- a/security/irssi_sa_2017_01.txt
+++ b/security/irssi_sa_2017_01.txt
@@ -1,6 +1,6 @@
Multiple vulnerabilities in Irssi [1]
=====================================
-
+CVE-2017-5193, CVE-2017-5194, CVE-2017-5195, CVE-2017-5196
Description
-----------
@@ -10,14 +10,22 @@ Four vulnerabilities have been located in Irssi.
(a) A NULL pointer dereference in the nickcmp function found by Joseph
Bisch. (CWE-690)
+ CVE-2017-5193 [2] was assigned to this bug
+
(b) Use after free when receiving invalid nick message (Issue #466, CWE-146)
+ CVE-2017-5194 [3] was assigned to this bug
+
(c) Out of bounds read in certain incomplete control codes found by
Joseph Bisch. (CWE-126)
+ CVE-2017-5195 [4] was assigned to this bug
+
(d) Out of bounds read in certain incomplete character sequences found
by Hanno Böck and independently by J. Bisch. (CWE-126)
+ CVE-2017-5196 [5] was assigned to this bug
+
Impact
------
@@ -99,3 +107,7 @@ References
----------
[1] https://irssi.org/security/irssi_sa_2017_01.txt
+[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5193
+[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5194
+[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5195
+[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5196