logo
DATABASE RESOURCES PRICING ABOUT US

irssi: Execution of arbitrary code

Description

### Background irssi is a modular textUI IRC client with IPv6 support. ### Description Nemo discovered an off-by-one error leading to a heap overflow in irssi's event_wallops() parsing function. ### Impact A remote attacker might entice a user to connect to a malicious IRC server, use a man-in-the-middle attack to redirect a user to such a server or use ircop rights to send a specially crafted WALLOPS message, which might result in the execution of arbitrary code with the privileges of the user running irssi. ### Workaround There is no known workaround at this time. ### Resolution All irssi users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-irc/irssi-0.8.13-r1"


Affected Package


OS OS Version Package Name Package Version
Gentoo any net-irc/irssi 0.8.13-r1

Related