IRSSI-SA-2019-01 Irssi Security Advisory [1]

CVE-2019-5882

Description

1. Use after free when hidden lines were expired from the scroll buffer. (CWE-416, CWE-825)

   CVE-2019-5882 [2] was assigned to this issue.

Impact

May affect the stability of Irssi.

Affected versions

1. Irssi 1.1.0 and later

Fixed in

Irssi 1.1.2

Recommended action

Upgrade to Irssi 1.1.2. Irssi 1.1.2 is a maintenance release in the 1.1 series, without any new features.

After installing the updated packages, one can issue the /upgrade command to load the new binary. TLS connections will require /reconnect.

Mitigating facts

1. If lines are never hidden (no usage of /window hidelevel), this bug will not trigger.

References

1. https://irssi.org/security/irssi_sa_2019_01.txt
2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5882