CVE-2016-7553

Published: Feb 27, 2017Modified: May 13, 2026

3.3

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.

Affected (1)

Products: Irssi: Buf.pl

Irssi

1 product

Buf.pl

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Irssi Buf.pl	Up to 2.13

Related CWEs

CWE-275

References (12)

http://www.openwall.com/lists/oss-security/2016/09/24/1

Source: security@debian.org

Mailing ListPatch

http://www.openwall.com/lists/oss-security/2016/09/26/4

Source: security@debian.org

Mailing ListPatch

http://www.securityfocus.com/bid/93155

Source: security@debian.org

Third Party AdvisoryVDB Entry

https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a

Source: security@debian.org

Patch

https://irssi.org/security/buf_pl_sa_2016.txt

Source: security@debian.org

PatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/

Source: security@debian.org

http://www.openwall.com/lists/oss-security/2016/09/24/1