[3.6] irssi: Multiple vulnerabilities (CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208, CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054)
CVE-2018-5205: When using incomplete escape codes, Irssi may access data beyond the end of the string.
Affected Versions:
All Irssi versions.
Fixed In:
Irssi 1.0.6
References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5205
CVE-2018-5206: When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer.
Affected Versions:
All Irssi versions.
Fixed In:
Irssi 1.0.6
References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5206
CVE-2018-5207: When using an incomplete variable argument, Irssi may access data beyond the end of the string.
Affected Versions:
All Irssi versions.
Fixed In:
Irssi 1.0.6
References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5207
CVE-2018-5208: A calculation error in the completion code could cause a heap buffer overflow when completing certain strings.
Affected Versions:
All Irssi versions.
Fixed In:
Irssi 1.0.6
References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5208
CVE-2018-7050: Null pointer dereference when an “empty” nick has been observed by Irssi.
Affected versions:
All Irssi versions
Fixed in:
Irssi 1.0.7, 1.1.1
References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
CVE-2018-7051: Certain nick names could result in out of bounds access when printing theme strings.
Affected versions:
Irssi 0.8.7 and later
Fixed in:
Irssi 1.0.7, 1.1.1
References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
CVE-2018-7052: When the number of windows exceed the available
space,
Irssi would crash due to Null pointer dereference.
Affected versions:
All Irssi versions
Fixed in:
Irssi 1.0.7, 1.1.1
References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
CVE-2018-7053: Use after free when SASL messages are received in unexpected order.
Affected Versions:
Irssi 0.8.18 and later
Fixed in:
Irssi 1.0.7, 1.1.1
References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
CVE-2018-7054: Use after free when server is disconnected during netsplits.
Affected Versions:
Irssi 1.0.0 and later
Fixed in:
Irssi 1.0.7, 1.1.1
References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
(from redmine: issue id 8502, created on 2018-02-19, closed on 2018-02-20)
- Relations:
- parent #8500 (closed)
- Changesets:
- Revision 5ea4be17 on 2018-02-19T15:01:56Z:
main/irssi: security upgrade to 1.0.6
CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208, CVE-2018-7050,
CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054
Fixes #8502