Severity: Medium
Date : 2018-01-16
CVE-ID : CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208
Package : irssi
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-575
The package irssi before version 1.0.6-1 is vulnerable to denial of
service.
Upgrade to 1.0.6-1.
The problems have been fixed upstream in version 1.0.6.
None.
When using incomplete escape codes, irssi before 1.0.6 may access data
beyond the end of the string.
When the channel topic is set without specifying a sender, irssi before
1.0.6 may dereference a NULL pointer.
When using an incomplete variable argument, irssi before 1.0.6 may
access data beyond the end of the string.
In Irssi before 1.0.6 a calculation error in the completion code could
cause a heap buffer overflow when completing certain strings.
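The incomplete escape code and incomplete variable argument issues above share one pattern: a parser consumes the byte after a marker without checking that it exists. The following is an added illustration of that pattern beside a bounds-checked form; it is not irssi's code and not part of the advisory, and the function names and escape table are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical escape table: \n and \t are translated, other bytes kept. */
static char unescape_char(char c)
{
    return c == 'n' ? '\n' : c == 't' ? '\t' : c;
}

/* Unsafe pattern: the byte after '\\' is consumed without checking that it
 * exists. For input ending in a lone backslash the terminator is taken as the
 * escape code, the loop's p++ steps past it, and the next *p reads out of bounds. */
size_t expand_unsafe(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0) return 0;
    for (const char *p = in; *p != '\0' && n + 1 < outsz; p++) {
        if (*p == '\\')
            out[n++] = unescape_char(*++p); /* *p may be the terminator */
        else
            out[n++] = *p;
    }
    out[n] = '\0';
    return n;
}

/* Checked form: an escape marker with nothing after it is kept literally. */
size_t expand_safe(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0) return 0;
    for (const char *p = in; *p != '\0' && n + 1 < outsz; p++) {
        if (*p == '\\' && p[1] == '\0') {
            out[n++] = '\\';                /* incomplete escape: stop here */
            break;
        }
        out[n++] = (*p == '\\') ? unescape_char(*++p) : *p;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char buf[16];
    size_t n = expand_safe("ab\\", buf, sizeof buf); /* constructed input */
    printf("%zu bytes: %s\n", n, buf);
    return 0;
}
```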
A remote attacker is able to crash the application via a malicious
server or by tricking a user into using malicious commands.
http://www.openwall.com/lists/oss-security/2018/01/06/2
https://irssi.org/security/irssi_sa_2018_01.txt
https://github.com/irssi/irssi/commit/7a83c63701b7395ee6cc606905314318eef77971
https://github.com/irssi/irssi/commit/54d453623d879ea83d0818a80bd14151192953ec
https://github.com/irssi/irssi/commit/cc17837a9b326ec9100a35981348fa0f5d6316fa
https://github.com/irssi/irssi/commit/2361d4b1e5d38701f35146219ceddd318ac4e645
https://security.archlinux.org/CVE-2018-5205
https://security.archlinux.org/CVE-2018-5206
https://security.archlinux.org/CVE-2018-5207
https://security.archlinux.org/CVE-2018-5208