PT-2018-2900 · Irssi+2 · Irssi+2

Joseph Bisch

Published

2018-02-15

Updated

2024-06-15

CVE-2018-7054

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Irssi versions prior to 1.0.7 Irssi versions 1.1.x prior to 1.1.1

Description The issue is related to a use-after-free error that occurs when a server is disconnected during netsplits, potentially allowing a remote attacker to cause a denial of service or execute arbitrary code. This problem exists due to an incomplete fix for a previous issue.

Recommendations For Irssi versions prior to 1.0.7, update to version 1.0.7 or later. For Irssi versions 1.1.x prior to 1.1.1, update to version 1.1.1 or later.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2020-1665

ALT-PU-2020-3488

ALT-PU-2024-3802

BDU:2019-02520

CVE-2018-7054

DSA-4162-1

MGASA-2018-0132

OPENSUSE-SU-2018:0475-1

OPENSUSE-SU-2018:0477-1

OPENSUSE-SU-2024:10865-1

USN-3590-1

USN-4046-1

Affected Products

Alt Linux

Irssi

Ubuntu

PT-2018-2900 · Irssi+2 · Irssi+2

CVE-2018-7054

Weakness Enumeration

Related Identifiers

Affected Products

References · 93