Re: [SECURITY] [DSA 4016-1] irssi security update
On Fri, Nov 03, 2017 at 07:51:34PM +0000, Salvatore Bonaccorso wrote:
> CVE-2017-15721
>
> Joseph Bisch discovered that Irssi does not properly handle
> incorrectly formatted DCC CTCP messages. A malicious IRC server can
> take advantage of this flaw to cause Irssi to crash, resulting in a
> denial of service.
Since DCC stands for Direct Client to Client, the IRC server is
not involved and it can probably be triggered by an other user.
Kurt
Reply to: