AVG-575

Package irssi
Status Fixed
Severity Medium
Type denial of service
Affected 1.0.5-1
Fixed 1.0.6-1
Current 1.1.1-2 [extra]
Ticket None
Created Sat Jan 6 14:30:40 2018
Issue Severity Remote Type Description
CVE-2018-5208 Medium No Denial of service
In Irssi before 1.0.6 a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.
CVE-2018-5207 Medium No Denial of service
When using an incomplete variable argument, irssi before 1.0.6 may access data beyond the end of the string.
CVE-2018-5206 Medium Yes Denial of service
When the channel topic is set without specifying a sender, irssi before 1.0.6 may dereference a NULL pointer.
CVE-2018-5205 Medium No Denial of service
When using incomplete escape codes, irssi before 1.0.6 may access data beyond the end of the string.
Date Advisory Package Description
16 Jan 2018 ASA-201801-12 irssi denial of service
References
http://www.openwall.com/lists/oss-security/2018/01/06/2
https://irssi.org/security/irssi_sa_2018_01.txt