FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

irssi -- multiple vulnerabilities

Affected packages
irssi < 1.0.5,1

Details

VuXML ID 85e2c7eb-b74b-11e7-8546-5cf3fcfdd1f1
Discovery 2017-10-10
Entry 2017-10-22

Irssi reports:

When installing themes with unterminated colour formatting sequences, Irssi may access data beyond the end of the string.

While waiting for the channel synchronisation, Irssi may incorrectly fail to remove destroyed channels from the query list, resulting in use after free conditions when updating the state later on.

Certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference.

Overlong nicks or targets may result in a NULL pointer dereference while splitting the message.

In certain cases Irssi may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.

References

CVE Name CVE-2017-15227
CVE Name CVE-2017-15228
CVE Name CVE-2017-15721
CVE Name CVE-2017-15722
CVE Name CVE-2017-15723
FreeBSD PR 223169
URL https://irssi.org/security/irssi_sa_2017_10.txt