CVE-2016-7553

3.3 LOW

Published: February 27, 2017 Modified: May 13, 2026

Description

The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/09/24/1

Source: security@debian.org

Mailing List Patch

http://www.openwall.com/lists/oss-security/2016/09/26/4

Source: security@debian.org

Mailing List Patch

http://www.securityfocus.com/bid/93155

Source: security@debian.org

Third Party Advisory VDB Entry

https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a

Source: security@debian.org

Patch

https://irssi.org/security/buf_pl_sa_2016.txt

Source: security@debian.org

Patch Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/

Source: security@debian.org

http://www.openwall.com/lists/oss-security/2016/09/24/1