[arch-security] [ASA-201710-30] irssi: multiple issues
rgacogne at archlinux.org
Sun Oct 22 19:46:59 UTC 2017
Arch Linux Security Advisory ASA-201710-30
Date : 2017-10-22
CVE-ID : CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722
Package : irssi
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-461
The package irssi before version 1.0.5-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.
Upgrade to 1.0.5-1.
# pacman -Syu "irssi>=1.0.5-1"
The problems have been fixed upstream in version 1.0.5.
- CVE-2017-15227 (arbitrary code execution)
While waiting for the channel synchronization, Irssi < 1.0.5 may
incorrectly fail to remove destroyed channels from the query list,
resulting in use-after-free conditions when updating the state later
on. To be exploited, this issue requires a broken IRCd or control over
- CVE-2017-15228 (denial of service)
When installing themes with unterminated colour formatting sequences,
Irssi < 1.0.5 may access data beyond the end of the string.
- CVE-2017-15721 (denial of service)
Certain incorrectly formatted DCC CTCP messages could cause NULL-
pointer dereference in Irssi < 1.0.5. This is a separate, but similar
issue to CVE-2017-9468. To be exploited, this issue requires a broken
IRCd or control over the IRCd.
- CVE-2017-15722 (denial of service)
In certain cases Irssi may fail to verify that a Safe channel ID is
long enough, causing reads beyond the end of the string. To be
exploited, this issue requires a broken IRCd or control over the IRCd.
- CVE-2017-15723 (denial of service)
Overlong nicks or targets may result in a NULL-pointer dereference in
Irssi >= 0.8.17 and < 1.0.5 while splitting the message. Most IRC
servers typically have length limits in place that would prevent this
A remote attacker can cause a denial of service by sending crafted IRC
messages, or tricking the user into installing a crafted theme. A
remote attacker in control of the IRCd to which the user is connected,
or in position of man-in-the-middle, might be able to execute arbitrary
code on the affected host.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the arch-security