IRSSI-SA-2019-01 Irssi Security Advisory [1]

CVE-2019-5882

Description

  1. Use after free when hidden lines were expired from the scroll buffer. (CWE-417, CWE-825)

    CVE-2019-5882 [2] was assigned to this issue.

Impact

May affect the stability of Irssi.

Affected versions

  1. Irssi 1.1.0 and later

Fixed in

Irssi 1.1.2

Upgrade to Irssi 1.1.2. Irssi 1.1.2 is a maintenance release in the 1.1 series, without any new features.

After installing the updated packages, one can issue the /upgrade command to load the new binary. TLS connections will require /reconnect.

Mitigating facts

  1. If lines are never hidden (no usage of /window hidelevel), this bug will not trigger.

References