AVG-461

Package irssi
Status Fixed
Severity High
Type multiple issues
Affected 1.0.4-3
Fixed 1.0.5-1
Current 1.1.2-1 [extra]
Ticket None
Created Sun Oct 22 16:34:37 2017
Issue Severity Remote Type Description
CVE-2017-15723 Medium Yes Denial of service
Overlong nicks or targets may result in a NULL-pointer dereference in Irssi >= 0.8.17 and < 1.0.5 while splitting the message. Most IRC servers typically...
CVE-2017-15722 Medium Yes Denial of service
In certain cases Irssi may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. To be exploited, this issue...
CVE-2017-15721 Medium Yes Denial of service
Certain incorrectly formatted DCC CTCP messages could cause NULL-pointer dereference in Irssi < 1.0.5. This is a separate, but similar issue to...
CVE-2017-15228 Medium Yes Denial of service
When installing themes with unterminated colour formatting sequences, Irssi < 1.0.5 may access data beyond the end of the string.
CVE-2017-15227 High Yes Arbitrary code execution
While waiting for the channel synchronization, Irssi < 1.0.5 may incorrectly fail to remove destroyed channels from the query list, resulting in...
Date Advisory Package Description
22 Oct 2017 ASA-201710-30 irssi multiple issues
References
https://irssi.org/security/irssi_sa_2017_10.txt