Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerability
CVE-2018-7053
Published:
2018-02-15
Description:
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.
Type:
CWE-416
(Use After Free)
Vendor:
Debian
Product:
Debian linux
Version:
9.0;
Vendor:
Canonical
Product:
Ubuntu linux
Version:
17.10
16.04
14.04
Vendor:
Irssi
Product:
Irssi
Version:
1.1.0
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
0.8.9
0.8.8
0.8.7
0.8.6
0.8.5
0.8.4
0.8.3
0.8.21
0.8.20
0.8.2
0.8.19
0.8.18
0.8.17
0.8.16
0.8.15
0.8.14
0.8.13
0.8.12
0.8.11
0.8.10
0.8.1
0.8.0
0.7.98.3
0.7.98.2
0.7.98
0.7.97
0.7.96
0.7.95
0.7.94
0.7.93
0.7.92
0.7.91
0.7.90
0.7.28
0.7.27
0.7.26
0.7.25
0.7.24
0.7.23
0.7.22
0.7.21
0.7.20.1
0.7.20
0.7.19
0.7.18
0.7.17
0.7.16
CVSS2
=> (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
References:
http://openwall.com/lists/oss-security/2018/02/15/1
https://irssi.org/security/irssi_sa_2018_02.txt
https://usn.ubuntu.com/3590-1/
https://www.debian.org/security/2018/dsa-4162
Related CVE
CVE-2019-15717
Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.
CVE-2019-13045
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.
CVE-2019-5882
Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.
CVE-2018-7054
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.
CVE-2018-7052
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.
CVE-2018-7051
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings.
CVE-2018-7050
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
CVE-2018-5208
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.
Copyright
2019
, cxsecurity.com
Back to Top
