Vulnerability Details : CVE-2016-7553
The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.
Products affected by CVE-2016-7553
- cpe:2.3:a:irssi:buf.pl:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-7553
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-7553
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
3.3 | LOW | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 | NIST | |
CWE ids for CVE-2016-7553
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7553
- https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
  Fix disclosure via filesystem · irssi/scripts.irssi.org@f1b1eb1 · GitHub (Patch)
- https://irssi.org/security/buf_pl_sa_2016.txt
  (Patch; Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/
  [SECURITY] Fedora 25 Update: irssi-0.8.20-2.fc25 - package-announce - Fedora Mailing-Lists (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2016/09/24/1
  oss-security - CVE Request: irssi: information disclosure vulnerabilit in buf.pl (Mailing List; Patch)
- http://www.securityfocus.com/bid/93155
  Irssi 'buf.pl' Local Information Disclosure Vulnerability (Third Party Advisory; VDB Entry)
- http://www.openwall.com/lists/oss-security/2016/09/26/4
  oss-security - Re: CVE Request: irssi: information disclosure vulnerabilit in buf.pl (Mailing List; Patch)