FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

irssi -- multiple vulnerabilities

Affected packages
irssi < 1.0.6,1

Details

VuXML ID a3764767-f31e-11e7-95f2-005056925db4
Discovery 2018-01-03
Entry 2018-01-06

Irssi reports:

When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer. Found by Joseph Bisch.

When using incomplete escape codes, Irssi may access data beyond the end of the string. Found by Joseph Bisch.

A calculation error in the completion code could cause a heap buffer overflow when completing certain strings. Found by Joseph Bisch.

When using an incomplete variable argument, Irssi may access data beyond the end of the string. Found by Joseph Bisch.

References

CVE Name CVE-2018-5205
CVE Name CVE-2018-5206
CVE Name CVE-2018-5207
CVE Name CVE-2018-5208
FreeBSD PR ports/224954
URL https://irssi.org/security/irssi_sa_2018_01.txt