{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (])."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-02T10:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "[debian-lts-announce] 20171223 [SECURITY] [DLA 1217-1] irssi security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html"}, {"name": "96581", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96581"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.fuzzing-project.org/55-Fuzzing-Irssi-with-Perl-Scripts.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://irssi.org/security/irssi_sa_2017_01.txt"}, {"name": "[oss-security] 20170112 CVE Request: Irssi out of bounds read in format string", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/01/12/8"}, {"name": "[oss-security] 20170112 Re: CVE Request: Irssi out of bounds read in format string", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/01/13/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2017-5356", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (])."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20171223 [SECURITY] [DLA 1217-1] irssi security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html"}, {"name": "96581", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96581"}, {"name": "https://blog.fuzzing-project.org/55-Fuzzing-Irssi-with-Perl-Scripts.html", "refsource": "MISC", "url": "https://blog.fuzzing-project.org/55-Fuzzing-Irssi-with-Perl-Scripts.html"}, {"name": "https://irssi.org/security/irssi_sa_2017_01.txt", "refsource": "CONFIRM", "url": "https://irssi.org/security/irssi_sa_2017_01.txt"}, {"name": "[oss-security] 20170112 CVE Request: Irssi out of bounds read in format string", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/12/8"}, {"name": "[oss-security] 20170112 Re: CVE Request: Irssi out of bounds read in format string", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/13/2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:55:35.676Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20171223 [SECURITY] [DLA 1217-1] irssi security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html"}, {"name": "96581", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96581"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.fuzzing-project.org/55-Fuzzing-Irssi-with-Perl-Scripts.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://irssi.org/security/irssi_sa_2017_01.txt"}, {"name": "[oss-security] 20170112 CVE Request: Irssi out of bounds read in format string", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/01/12/8"}, {"name": "[oss-security] 20170112 Re: CVE Request: Irssi out of bounds read in format string", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/01/13/2"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2017-5356", "datePublished": "2017-03-03T15:00:00", "dateReserved": "2017-01-12T00:00:00", "dateUpdated": "2024-08-05T14:55:35.676Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A0BEDE-EE65-44C2-A298-0F3B49C6D30E", "versionEndExcluding": "0.8.21", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (])."}, {"lang": "es", "value": "Irssi en versiones anteriores a 0.8.21 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites y ca\u00edda) a trav\u00e9s de una cadena que contiene una secuencia de formato (%[) sin un cierre de par\u00e9ntesis (])."}], "id": "CVE-2017-5356", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-03T15:59:00.820", "references": [{"source": "security@debian.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/01/12/8"}, {"source": "security@debian.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/01/13/2"}, {"source": "security@debian.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96581"}, {"source": "security@debian.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://blog.fuzzing-project.org/55-Fuzzing-Irssi-with-Perl-Scripts.html"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://irssi.org/security/irssi_sa_2017_01.txt"}, {"source": "security@debian.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/01/12/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/01/13/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://blog.fuzzing-project.org/55-Fuzzing-Irssi-with-Perl-Scripts.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://irssi.org/security/irssi_sa_2017_01.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "irssi: Out-of-bounds read in format string", "id": "1413890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413890"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (])."], "name": "CVE-2017-5356", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "irssi", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "irssi", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2017-01-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-5356\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5356"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}