Japan Vulnerability NotesJVN:94816361JVN#94816361: YoruFukurou (NightOwl) vulnerable to denial-of-service (DoS)
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
71.7%
YoruFukurou (NightOwl) is a Twitter client application for OS X. YoruFukurou uses OS X API CTFramesetter to render text contents.
CTFramesetter has a problem in processing a certain emoji character sequence, which may cause YoruFukurou to crash.
This problem was verified on OS X v10.9 (Mavericks). The developer of YoruFukurou states that the problem does not exist on OS X v10.11 (El Capitan).
Impact
YoruFukurou may crash when rendering a certain emoji character sequence.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Products Affected
- YoruFukurou (NightOwl) version 2.84 and earlier
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
71.7%