High severity7.5NVD Advisory· Published Jun 7, 2017· Updated May 13, 2026

CVE-2017-9469

Description

In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.

Affected products

Irssi/Irssi
cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*
Range: <=1.0.2
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

openwall.com/lists/oss-security/2017/06/06/4nvdMailing ListPatchThird Party Advisory
irssi.org/security/irssi_sa_2017_06.txtnvdPatchVendor Advisory
www.debian.org/security/2017/dsa-3885nvdThird Party Advisory
www.securityfocus.com/bid/99043nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038621nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000