Arch Linux Security Advisory ASA-201609-20 ========================================== Severity: High Date : 2016-09-22 CVE-ID : CVE-2016-7045 Package : irssi Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package irssi before version 0.8.20-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 0.8.20-1. # pacman -Syu "irssi>=0.8.20-1" The problem has been fixed upstream in version 0.8.20. Workaround ========== None. Description =========== The format_send_to_gui() function does not validate the length of the string before incrementing the `ptr' pointer in all cases. If that happens, the pointer `ptr' can be incremented twice and thus end past the boundaries of the original `dup' buffer. Remote code execution might be difficult since only Nuls are written. Impact ====== A remote attacker can perform a denial of service attack or possibly execute arbitrary code on the affected host. References ========== https://irssi.org/security/irssi_sa_2016.txt http://www.openwall.com/lists/oss-security/2016/09/21/11 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7045