FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

irssi -- multiple vulnerabilities

Affected packages
irssi < 1.1.1,1

Details

VuXML ID 7afc5e56-156d-11e8-95f2-005056925db4
Discovery 2018-02-15
Entry 2018-02-19
Modified 2018-02-22

Irssi reports:

Use after free when server is disconnected during netsplits. Found by Joseph Bisch.

Use after free when SASL messages are received in unexpected order. Found by Joseph Bisch.

Null pointer dereference when an “empty” nick has been observed by Irssi. Found by Joseph Bisch.

When the number of windows exceed the available space, Irssi would crash due to Null pointer dereference. Found by Joseph Bisch.

Certain nick names could result in out of bounds access when printing theme strings. Found by Oss-Fuzz.

References

CVE Name CVE-2018-7050
CVE Name CVE-2018-7051
CVE Name CVE-2018-7052
CVE Name CVE-2018-7053
CVE Name CVE-2018-7054
FreeBSD PR ports/226001
URL https://irssi.org/security/irssi_sa_2018_02.txt