{"id":"USN-3184-1","summary":"irssi vulnerabilities","details":"It was discovered that the Irssi buf.pl script set incorrect permissions. A\nlocal attacker could use this issue to retrieve another user's window\ncontents. (CVE-2016-7553)\n\nJoseph Bisch discovered that Irssi incorrectly handled comparing nicks. A\nremote attacker could use this issue to cause Irssi to crash, resulting in\na denial of service, or possibly execute arbitrary code. (CVE-2017-5193)\n\nIt was discovered that Irssi incorrectly handled invalid nick messages. A\nremote attacker could use this issue to cause Irssi to crash, resulting in\na denial of service, or possibly execute arbitrary code. (CVE-2017-5194)\n\nJoseph Bisch discovered that Irssi incorrectly handled certain incomplete\ncontrol codes. A remote attacker could use this issue to cause Irssi to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10.\n(CVE-2017-5195)\n\nHanno Böck and Joseph Bisch discovered that Irssi incorrectly handled\ncertain incomplete character sequences. A remote attacker could use this\nissue to cause Irssi to crash, resulting in a denial of service. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5196)\n\nHanno Böck discovered that Irssi incorrectly handled certain format\nstrings. A remote attacker could use this issue to cause Irssi to crash,\nresulting in a denial of service. (CVE-2017-5356)\n","modified":"2026-02-10T04:41:05Z","published":"2017-02-01T18:08:38Z","related":["UBUNTU-CVE-2016-7553","UBUNTU-CVE-2017-5193","UBUNTU-CVE-2017-5194","UBUNTU-CVE-2017-5195","UBUNTU-CVE-2017-5196","UBUNTU-CVE-2017-5356"],"upstream":["CVE-2016-7553","CVE-2017-5193","CVE-2017-5194","CVE-2017-5195","CVE-2017-5196","CVE-2017-5356","UBUNTU-CVE-2016-7553","UBUNTU-CVE-2017-5193","UBUNTU-CVE-2017-5194","UBUNTU-CVE-2017-5195","UBUNTU-CVE-2017-5196","UBUNTU-CVE-2017-5356"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3184-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7553"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5193"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5194"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5195"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5196"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5356"}],"affected":[{"package":{"name":"irssi","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/irssi@0.8.15-5ubuntu3.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.15-5ubuntu3.1"}]}],"versions":["0.8.15-5ubuntu2","0.8.15-5ubuntu3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.8.15-5ubuntu3.1","binary_name":"irssi"},{"binary_version":"0.8.15-5ubuntu3.1","binary_name":"irssi-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3184-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2016-7553"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2017-5193"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-5194"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2017-5356"}],"ecosystem":"Ubuntu:14.04:LTS"}}},{"package":{"name":"irssi","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/irssi@0.8.19-1ubuntu1.3?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.19-1ubuntu1.3"}]}],"versions":["0.8.17-1ubuntu1","0.8.17-1ubuntu2","0.8.18-1ubuntu1","0.8.19-1ubuntu1","0.8.19-1ubuntu1.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.8.19-1ubuntu1.3","binary_name":"irssi"},{"binary_version":"0.8.19-1ubuntu1.3","binary_name":"irssi-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3184-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2016-7553"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2017-5193"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-5194"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-5195"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-5196"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2017-5356"}],"ecosystem":"Ubuntu:16.04:LTS"}}}],"schema_version":"1.7.3"}