{"affected":[{"ecosystem_specific":{"binaries":[{"irssi":"0.8.21-12.1","irssi-devel":"0.8.21-12.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"irssi","purl":"pkg:rpm/suse/irssi&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.8.21-12.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"irssi was updated to fix four vulnerabilities that could result in denial \nof service (remote crash) when connecting to malicious servers or receiving\nspecially crafted data. (boo#1018357)\n\n- CVE-2017-5193: NULL pointer dereference in the nickcmp function\n- CVE-2017-5194: out of bounds read in certain incomplete control codes\n- CVE-2017-5195: out of bounds read in certain incomplete character sequences \n- CVE-2017-5196: Correct an error when receiving invalid nick message","id":"openSUSE-SU-2017:0094-1","modified":"2017-01-09T16:14:54Z","published":"2017-01-09T16:14:54Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1018357"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5193"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5194"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5195"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5196"}],"related":["CVE-2017-5193","CVE-2017-5194","CVE-2017-5195","CVE-2017-5196"],"summary":"Security update for irssi","upstream":["CVE-2017-5193","CVE-2017-5194","CVE-2017-5195","CVE-2017-5196"]}