The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.
References
Link | Resource |
---|---|
http://www.debian.org/security/2016/dsa-3672 | Third Party Advisory |
http://www.securitytracker.com/id/1036868 | |
http://www.ubuntu.com/usn/USN-3086-1 | Third Party Advisory |
https://irssi.org/security/irssi_sa_2016.txt | Exploit Patch Vendor Advisory |
Configurations
History
No history.
Information
Published : 2016-09-27 15:59
Updated : 2024-02-28 15:21
NVD link : CVE-2016-7045
Mitre link : CVE-2016-7045
CVE.ORG link : CVE-2016-7045
JSON object : View
Products Affected
irssi
- irssi
canonical
- ubuntu_linux
debian
- debian_linux
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer