logo
DATABASE RESOURCES PRICING ABOUT US

GLSA-200909-13 : irssi: Execution of arbitrary code

Description

The remote host is affected by the vulnerability described in GLSA-200909-13 (irssi: Execution of arbitrary code) Nemo discovered an off-by-one error leading to a heap overflow in irssi's event_wallops() parsing function. Impact : A remote attacker might entice a user to connect to a malicious IRC server, use a man-in-the-middle attack to redirect a user to such a server or use ircop rights to send a specially crafted WALLOPS message, which might result in the execution of arbitrary code with the privileges of the user running irssi. Workaround : There is no known workaround at this time.


Related