Severity: High
Date : 2016-09-22
CVE-ID : CVE-2016-7045
Package : irssi
Type : arbitrary code execution
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package irssi before version 0.8.20-1 is vulnerable to arbitrary
code execution.
Upgrade to 0.8.20-1.
The problem has been fixed upstream in version 0.8.20.
None.
The format_send_to_gui() function does not validate the length of the string
before incrementing the `ptr’ pointer in all cases.
If that happens, the pointer ptr' can be incremented twice and thus end past the boundaries of the original
dup’ buffer.
Remote code execution might be difficult since only Nuls are written.
A remote attacker can perform a denial of service attack or possibly execute
arbitrary code on the affected host.
https://irssi.org/security/irssi_sa_2016.txt
http://www.openwall.com/lists/oss-security/2016/09/21/11
https://vulners.com/cve/CVE-2016-7045