Sep 22, 2016 - 12:00 a.m.

[ASA-201609-20] irssi: arbitrary code execution

2016-09-22 00:00:00
security.archlinux.org
10

EPSS: 0.008 (Low), percentile 81.2%

Arch Linux Security Advisory ASA-201609-20

Severity: High
Date : 2016-09-22
CVE-ID : CVE-2016-7045
Package : irssi
Type : arbitrary code execution
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE

Summary

The package irssi before version 0.8.20-1 is vulnerable to arbitrary
code execution.

Resolution

Upgrade to 0.8.20-1.

pacman -Syu "irssi>=0.8.20-1"

The problem has been fixed upstream in version 0.8.20.

Workaround

None.

Description

The format_send_to_gui() function does not validate the length of the string
before incrementing the `ptr' pointer in all cases.

When the length is not validated, the pointer `ptr' can be incremented twice and thus end past the boundaries of the original `dup' buffer.

Remote code execution might be difficult since only NULs are written.
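
The double increment described above, modelled with offsets so it can be run safely. This is an added example, not irssi's code: the MARKER byte, the one-byte code that follows it, the walk() helper and the sample strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MARKER 0x04 /* assumed escape byte for this model, not from the advisory */

/* Walks a NUL-terminated string (len == strlen(text)) with an offset instead
 * of a raw pointer, so the model never reads outside the buffer.
 * Returns the offset where the walk stops. A result greater than len means a
 * raw pointer taking the same steps would have moved past the terminator.
 * validate == 0 models the missing length check, validate == 1 the fix. */
static size_t walk(const char *text, size_t len, int validate)
{
    size_t pos = 0;

    while (pos <= len && text[pos] != '\0') {
        if (text[pos] == MARKER) {
            pos++; /* first increment: step onto the code byte */
            if (validate && text[pos] == '\0')
                break; /* truncated sequence: stop on the terminator */
        }
        pos++; /* second increment: move to the next character */
    }
    return pos;
}

int main(void)
{
    /* Constructed inputs: a complete sequence and one cut off after MARKER. */
    const char *complete = "a\x04" "gb";
    const char *truncated = "ab\x04";
    const char *samples[] = { complete, truncated };

    for (size_t i = 0; i < 2; i++) {
        size_t len = strlen(samples[i]);
        printf("len=%zu unchecked_end=%zu checked_end=%zu\n", len,
               walk(samples[i], len, 0), walk(samples[i], len, 1));
    }
    return 0;
}
```

For the truncated input the unchecked walk ends one position beyond the terminating NUL, while the validated walk stops on it.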

Impact

A remote attacker can perform a denial of service attack or possibly execute
arbitrary code on the affected host.

References

https://irssi.org/security/irssi_sa_2016.txt
http://www.openwall.com/lists/oss-security/2016/09/21/11
https://vulners.com/cve/CVE-2016-7045

OS         Version  Architecture  Package  Version     Filename
ArchLinux  any      any           irssi    < 0.8.20-1  UNKNOWN