Severity: High
Date    : 2017-01-11
CVE-ID  : CVE-2017-5193 CVE-2017-5194 CVE-2017-5195 CVE-2017-5196
Package : irssi
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-127

The package irssi before version 0.8.21-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.

Upgrade to 0.8.21-1.
The problems have been fixed upstream in version 0.8.21.

Workaround: None.

A NULL pointer dereference has been discovered in the nickcmp function
leading to application crash.

A use-after-free vulnerability has been discovered when receiving an
invalid nick message potentially leading to arbitrary code execution.

An out-of-bounds read has been discovered in certain incomplete control
codes leading to application crash.

An out-of-bounds read has been discovered in certain incomplete
character sequences leading to application crash.

A remote attacker is able to crash the application or execute arbitrary
code on the affected host.
https://irssi.org/security/irssi_sa_2017_01.txt
http://www.openwall.com/lists/oss-security/2017/01/05/2
https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
https://security.archlinux.org/CVE-2017-5193
https://security.archlinux.org/CVE-2017-5194
https://security.archlinux.org/CVE-2017-5195
https://security.archlinux.org/CVE-2017-5196