PT-2019-3224 · Irssi+2 · Irssi+2

Published

2019-08-29

·

Updated

2024-06-15

·

CVE-2019-15717

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Irssi versions 1.2.x through 1.2.1 Irssi version 1.2.2 is not affected, so the range is simplified to versions before 1.2.2.
Description The issue is related to a use-after-free error in the Irssi IRC client, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service. This occurs when the IRC server sends a double CAP.
Recommendations For Irssi versions 1.2.x through 1.2.1, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the IRC server or disabling the CAP functionality until a patch is available.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2020-3468
ALT-PU-2020-3488
ALT-PU-2024-3802
BDU:2019-03213
CVE-2019-15717
MGASA-2019-0255
OPENSUSE-SU-2024:10865-1

Affected Products

Alt Linux
Irssi
Ubuntu