CVE-2016-7553

Name: CVE-2016-7553
Creator: NVD / NIST
Published: 2017-02-27T22:59:00.48+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.39%

Last modified Jun 17, 2026

CVE-2016-7553 is a vulnerability of currently unknown severity. The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.. EPSS estimates a 0.39% chance of exploitation in the next 30 days.

Description

The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.

Metrics

EPSS Probability

0.39%

30.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-275

Affected Software

Vendor	Product	Versions
Irssi	Buf.Pl	<= 2.13

References

http://www.openwall.com/lists/oss-security/2016/09/24/1Mailing List, Patch
http://www.openwall.com/lists/oss-security/2016/09/26/4Mailing List, Patch
http://www.securityfocus.com/bid/93155Third Party Advisory, VDB Entry
https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65aPatch
https://irssi.org/security/buf_pl_sa_2016.txtPatch, Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/
http://www.openwall.com/lists/oss-security/2016/09/24/1Mailing List, Patch
http://www.openwall.com/lists/oss-security/2016/09/26/4Mailing List, Patch
http://www.securityfocus.com/bid/93155Third Party Advisory, VDB Entry
https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65aPatch
https://irssi.org/security/buf_pl_sa_2016.txtPatch, Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/

Timeline

Published: Feb 27, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-7553?

How severe is CVE-2016-7553?

Severity scoring for CVE-2016-7553 is pending analysis. The EPSS model estimates a 0.39% probability of exploitation in the next 30 days.

How do I fix CVE-2016-7553?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-7553?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST