Vulnerability Details : CVE-2010-1156
core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2010-1156
- cpe:2.3:a:irssi:irssi:*:rc1:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.10:rc8:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.12:rc1:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.11:rc1:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.10:rc5:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.11:rc2:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.13:rc1:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.10:rc7:*:*:*:*:*:*
- cpe:2.3:a:irssi:irssi:0.8.10:rc6:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-1156
23.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-1156
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
References for CVE-2010-1156
-
http://www.vupen.com/english/advisories/2010/1110
Webmail | OVH- OVH
-
http://securitytracker.com/id?1023845
Irssi Unspecified Bug Lets Remote Users Deny Service - SecurityTracker
-
http://irssi.org/news
Irssi NEWS
-
http://marc.info/?l=oss-security&m=127110132019166&w=2
'Re: [oss-security] CVE request: irssi 0.8.15' - MARC
-
http://marc.info/?l=oss-security&m=127098845125270&w=2
'[oss-security] CVE request: irssi 0.8.15' - MARC
-
http://www.vupen.com/english/advisories/2010/1107
Webmail | OVH- OVH
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041054.html
[SECURITY] Fedora 12 Update: irssi-0.8.15-1.fc12
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.497301
The Slackware Linux Project: Slackware Security Advisories
-
http://marc.info/?l=oss-security&m=127119240204394&w=2
'[oss-security] Re: CVE request: irssi 0.8.15' - MARC
-
http://www.vupen.com/english/advisories/2010/0856
Webmail | OVH- OVHPatch;Vendor Advisory
-
http://www.vupen.com/english/advisories/2010/0987
Webmail | OVH- OVH
-
http://svn.irssi.org/cgi-bin/viewvc.cgi/irssi/trunk/src/core/nicklist.c?root=irssi&r1=4922&r2=5126
-
http://www.ubuntu.com/usn/USN-929-1
USN-929-1: irssi vulnerabilities | Ubuntu security notices
-
http://irssi.org/news/ChangeLog
Irssi NEWS
-
http://marc.info/?l=oss-security&m=127115784314970&w=2
'Re: [oss-security] CVE request: irssi 0.8.15' - MARC
-
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:011
-
http://marc.info/?l=oss-security&m=127111071631857&w=2
'Re: [oss-security] CVE request: irssi 0.8.15' - MARC
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/57791
Irssi unspecified denial of service CVE-2010-1156 Vulnerability Report
Jump to