Mailinglist Archive: opensuse-bugs (4247 mails)

[Bug 1019809] New: VUL-0: CVE-2017-5356: irssi: out of bounds read in format string
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 13 Jan 2017 08:41:06 +0000
  • Message-id: <bug-1019809-21960@http.bugzilla.suse.com/>
http://bugzilla.suse.com/show_bug.cgi?id=1019809


Bug ID: 1019809
Summary: VUL-0: CVE-2017-5356: irssi: out of bounds read in format string
Classification: openSUSE
Product: openSUSE Distribution
Version: 13.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: meissner@xxxxxxxx
Reporter: meissner@xxxxxxxx
QA Contact: qa-bugs@xxxxxxx
CC: mrueckert@xxxxxxxx
Found By: Security Response Team
Blocker: ---

CVE-2017-5356

Hi,

can you please check whether the following Irssi issue needs a CVE

- Printing the value %[ leads to oob read

This has been reported to the Irssi project by Hanno Böck and is
already fixed as part of the last CVE request, however I failed to
include this issue in the initial report. Hanno has blogged about this
at [1] and linked it to the other issue which we credited him for (but
it is in fact a separate issue).

Thanks,

[1] https://blog.fuzzing-project.org/55-Fuzzing-Irssi-with-Perl-Scripts.html

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5356
http://seclists.org/oss-sec/2017/q1/77
