CVE-2023-29132

2023-04-1401:15:08

Debian Security Bug Tracker

security-tracker.debian.org

irssi

vulnerability

cve-2023-29132

use-after-free

unix

printing

formatted line

concurrent

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

34.2%

JSON

Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line.

OSVersionArchitecturePackageVersionFilename
Debian12allirssi< 1.4.3-2irssi_1.4.3-2_all.deb
Debian11allirssi< 1.2.3-1irssi_1.2.3-1_all.deb
Debian999allirssi< 1.4.3-2irssi_1.4.3-2_all.deb
Debian13allirssi< 1.4.3-2irssi_1.4.3-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	irssi	< 1.4.3-2	irssi_1.4.3-2_all.deb
Debian	11	all	irssi	< 1.2.3-1	irssi_1.2.3-1_all.deb
Debian	999	all	irssi	< 1.4.3-2	irssi_1.4.3-2_all.deb
Debian	13	all	irssi	< 1.4.3-2	irssi_1.4.3-2_all.deb