IRSSI-SA-2023-03 Irssi Security Advisory [1]

CVE-2023-29132

Description

  1. Use after free while using a stale special collector reference. Found by ednash. (CWE-416)

    CVE-2023-29132 [2] was assigned to this issue.

Impact

May affect the stability of Irssi.

Affected versions

  1. Irssi 1.3.0 and later

Fixed in

Irssi 1.4.4

Upgrade to Irssi 1.4.4.

After installing the updated packages, one can issue the /upgrade command to load the new binary.

Mitigating facts

The precondition for this issue is printing a non-formatted line during the printing of a formatted line. This is unlikely to happen without scripts, and is obscured by the slice allocator when using GLib before version 2.75.
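
A host triage check for the version ranges and the GLib condition stated above, as an added example that is not part of the Irssi advisory or project. It assumes `irssi --version` prints a line of the form `irssi 1.4.3 (...)` and that `pkg-config --modversion glib-2.0` reports the GLib that Irssi runs against; all function names are made up for this example.

```shell
#!/bin/sh
# Added example: triage a host against IRSSI-SA-2023-03 (CVE-2023-29132).
# Plain release versions only; dev or distro-suffixed strings need a manual look.

# is_version S: succeeds when S looks like a dotted numeric version.
is_version() { case "$1" in [0-9]*.[0-9]*) return 0 ;; *) return 1 ;; esac; }

# ver_lt A B: succeeds when version A sorts strictly before version B.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# irssi_status VERSION: advisory ranges, affected from 1.3.0, fixed in 1.4.4.
irssi_status() {
    is_version "$1" || { echo unknown; return; }
    if ver_lt "$1" 1.3.0; then echo not-affected
    elif ver_lt "$1" 1.4.4; then echo affected
    else echo fixed
    fi
}

# glib_visibility VERSION: the advisory says the issue is obscured by the
# slice allocator with GLib before 2.75, so a quiet host is not a safe one.
glib_visibility() {
    is_version "$1" || { echo unknown; return; }
    if ver_lt "$1" 2.75; then echo obscured; else echo not-obscured; fi
}

# parse_irssi_version LINE: version field of `irssi --version` output
# (assumed format: "irssi 1.4.3 (20221031 0915)").
parse_irssi_version() {
    printf '%s\n' "$1" | awk '$1 == "irssi" { print $2; exit }'
}

# triage IRSSI_VERSION GLIB_VERSION: one-line verdict for a host.
triage() {
    status=$(irssi_status "$1")
    if [ "$status" = affected ]; then
        echo "irssi $1: affected, upgrade to 1.4.4 (GLib $2: $(glib_visibility "$2"))"
    else
        echo "irssi $1: $status"
    fi
}

# Check the local install when both tools are present.
if command -v irssi >/dev/null 2>&1 && command -v pkg-config >/dev/null 2>&1; then
    triage "$(parse_irssi_version "$(irssi --version)")" \
           "$(pkg-config --modversion glib-2.0 2>/dev/null)"
fi
```

A result of `obscured` on an affected version means the absence of crashes says nothing about exposure; the upgrade is still required.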

References