IRSSI-SA-2018-01 Irssi Security Advisory [1] ============================================ CVE-2018-5206, CVE-2018-5205, CVE-2018-5208, CVE-2018-5207 Description ----------- Multiple vulnerabilities have been located in Irssi. (a) When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer. Found by Joseph Bisch. (CWE-476) CVE-2018-5206 [2] was assigned to this issue. (b) When using incomplete escape codes, Irssi may access data beyond the end of the string. Found by Joseph Bisch. (CWE-126) CVE-2018-5205 [3] was assigned to this issue. (c) A calculation error in the completion code could cause a heap buffer overflow when completing certain strings. Found by Joseph Bisch. (CWE-126) CVE-2018-5208 [4] was assigned to this issue. (d) When using an incomplete variable argument, Irssi may access data beyond the end of the string. Found by Joseph Bisch. (CWE-126) CVE-2018-5207 [5] was assigned to this issue. Impact ------ May affect the stability of Irssi. Affected versions ----------------- (a) All Irssi versions that we observed (b) All Irssi versions that we observed (c) All Irssi versions that we observed (d) All Irssi versions that we observed Fixed in -------- Irssi 1.0.6 Recommended action ------------------ Upgrade to Irssi 1.0.6. Irssi 1.0.6 is a maintenance release in the 1.0 series, without any new features. After installing the updated packages, one can issue the /upgrade command to load the new binary. TLS connections will require /reconnect. Mitigating facts ---------------- (a) requires a broken ircd or control over the ircd (b) requires user to install malicious or broken files or enter affected commands (d) requires user to install malicious or broken files or enter affected commands Patch ----- https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff References ---------- [1] https://irssi.org/security/irssi_sa_2018_01.txt [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5206 [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5205 [4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5208 [5] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5207