7.5

CVE-2017-15228

Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IrssiIrssi Version <= 1.0.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.14% 0.796
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html
https://www.debian.org/security/2017/dsa-4016
http://openwall.com/lists/oss-security/2017/10/22/4
Patch
Third Party Advisory
Mailing List
Mitigation
https://irssi.org/security/irssi_sa_2017_10.txt
Patch
Vendor Advisory
Mitigation