[ASA-201801-12] irssi: denial of service

Levente Polyak anthraxx at archlinux.org
Thu Jan 18 22:34:00 UTC 2018


Arch Linux Security Advisory ASA-201801-12
==========================================

Severity: Medium
Date    : 2018-01-16
CVE-ID  : CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208
Package : irssi
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-575

Summary
=======

The package irssi before version 1.0.6-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 1.0.6-1.

# pacman -Syu "irssi>=1.0.6-1"

The problems have been fixed upstream in version 1.0.6.

Workaround
==========

None.

Description
===========

- CVE-2018-5205 (denial of service)

When using incomplete escape codes, irssi before 1.0.6 may access data
beyond the end of the string.

- CVE-2018-5206 (denial of service)

When the channel topic is set without specifying a sender, irssi before
1.0.6 may dereference a NULL pointer.

- CVE-2018-5207 (denial of service)

When using an incomplete variable argument, irssi before 1.0.6 may
access data beyond the end of the string.

- CVE-2018-5208 (denial of service)

In Irssi before 1.0.6 a calculation error in the completion code could
cause a heap buffer overflow when completing certain strings.

Impact
======

A remote attacker is able to crash the application via a malicious
server or by tricking a user to use malicious commands.

References
==========

http://www.openwall.com/lists/oss-security/2018/01/06/2
https://irssi.org/security/irssi_sa_2018_01.txt
https://github.com/irssi/irssi/commit/7a83c63701b7395ee6cc606905314318eef77971
https://github.com/irssi/irssi/commit/54d453623d879ea83d0818a80bd14151192953ec
https://github.com/irssi/irssi/commit/cc17837a9b326ec9100a35981348fa0f5d6316fa
https://github.com/irssi/irssi/commit/2361d4b1e5d38701f35146219ceddd318ac4e645
https://security.archlinux.org/CVE-2018-5205
https://security.archlinux.org/CVE-2018-5206
https://security.archlinux.org/CVE-2018-5207
https://security.archlinux.org/CVE-2018-5208

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20180118/9dfc8f6c/attachment.asc>


More information about the arch-security mailing list