summaryrefslogtreecommitdiff
path: root/_security/irssi_sa_2018_02.txt
diff options
context:
space:
mode:
Diffstat (limited to '_security/irssi_sa_2018_02.txt')
-rw-r--r--_security/irssi_sa_2018_02.txt63
1 files changed, 63 insertions, 0 deletions
diff --git a/_security/irssi_sa_2018_02.txt b/_security/irssi_sa_2018_02.txt
new file mode 100644
index 0000000..cbf756d
--- /dev/null
+++ b/_security/irssi_sa_2018_02.txt
@@ -0,0 +1,63 @@
+---
+name: IRSSI-SA-2018-02
+release_date: 2018-02-17
+bugs:
+ -
+ cve: CVE-2018-7054
+ cwe: CWE-416, CWE-825
+ exploitable_by: remote
+ affected_versions:
+ from: 1.0.0
+ to: [ 1.0.6, 1.1.0 ]
+ fixed_version: [ 1.0.7, 1.1.1 ]
+ credit: 'Joseph Bisch'
+ description: Use after free when server is disconnected during netsplits.
+ -
+ cve: CVE-2018-7053
+ cwe: CWE-416, CWE-691
+ exploitable_by: server
+ affected_versions:
+ from: 0.8.18
+ to: [ 1.0.6, 1.1.0 ]
+ fixed_version: [ 1.0.7, 1.1.1 ]
+ credit: 'Joseph Bisch'
+ description: Use after free when SASL messages are received in unexpected order.
+ mitigating_info: requires a non-conforming ircd
+ -
+ cve: CVE-2018-7050
+ cwe: CWE-476, CWE-475
+ exploitable_by: server
+ affected_versions:
+ to: [ 1.0.6, 1.1.0 ]
+ fixed_version: [ 1.0.7, 1.1.1 ]
+ credit: 'Joseph Bisch'
+ description: Null pointer dereference when an "empty" nick has been observed by Irssi.
+ mitigating_info: requires a broken ircd or control over the ircd
+ -
+ cve: CVE-2018-7052
+ cwe: CWE-690
+ exploitable_by: client
+ affected_versions:
+ to: [ 1.0.6, 1.1.0 ]
+ fixed_version: [ 1.0.7, 1.1.1 ]
+ credit: 'Joseph Bisch'
+ description: When the number of windows exceed the available space, Irssi would crash due to Null pointer dereference.
+ mitigating_info: depends on non-default configuration
+ -
+ cve: CVE-2018-7051
+ cwe: CWE-126
+ exploitable_by: client
+ affected_versions:
+ from: 0.8.7
+ to: [ 1.0.6, 1.1.0 ]
+ fixed_version: [ 1.0.7, 1.1.1 ]
+ credit: Oss-Fuzz
+ description: Certain nick names could result in out of bounds access when printing theme strings.
+recommended_action: >
+ Upgrade to the latest stable Irssi version. Irssi 1.0.7 and 1.1.1 are maintenance release in the
+ 1.0 and 1.1 series, without any new features.
+
+ After installing the updated packages, one can issue the /upgrade
+ command to load the new binary. TLS connections will require
+ /reconnect.
+---
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-13 06:53:53 +0000