[3.5] irssi: Multiple vulnerabilities (CVE-2017-5193, CVE-2017-5194, CVE-2017-5356, CVE-2017-5195, CVE-2017-5196)
CVE-2017-5193: A NULL pointer dereference in the nickcmp function.
CVE-2017-5194: Use after free when receiving invalid nick message.
CVE-2017-5356: Out of bounds read when printing the value.
CVE-2017-5195: Out of bounds read in certain incomplete control codes.
CVE-2017-5196: Out of bounds read in certain incomplete character sequences.
Fixed In Version:
irssi 0.8.21, irssi 1.0.0
References:
https://irssi.org/security/irssi_sa_2017_01.txt
http://seclists.org/oss-sec/2017/q1/26
(from redmine: issue id 6691, created on 2017-01-16, closed on 2017-01-23)
- Relations:
  - parent #6690 (closed)
- Changesets:
  - Revision 72b8702d by Sergei Lukin on 2017-01-18T11:21:01Z:
main/irssi: security upgrade to 0.8.21 - fixes #6691
CVE-2017-5193: A NULL pointer dereference in the nickcmp function.
CVE-2017-5194: Use after free when receiving invalid nick message.
CVE-2017-5356: Out of bounds read when printing the value.
CVE-2017-5195: Out of bounds read in certain incomplete control codes.
CVE-2017-5196: Out of bounds read in certain incomplete character sequences.