MGASA-2018-0069
- Source
- https://advisories.mageia.org/MGASA-2018-0069.html
- Import Source
- https://advisories.mageia.org/MGASA-2018-0069.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2018-0069
- Related
- Published
- 2018-01-12T19:49:32Z
- Modified
- 2018-01-12T19:19:27Z
- Summary
- Updated irssi packages fix security vulnerabilities
- Details
-
Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service (CVE-2018-5205).
Joseph Bisch discovered that Irssi incorrectly handled settings the channel topic without specifying a sender. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service (CVE-2018-5206).
Joseph Bisch discovered that Irssi incorrectly handled incomplete variable arguments. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service (CVE-2018-5207).
Joseph Bisch discovered that Irssi incorrectly handled completing certain strings. An attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-5208).
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:6 / irssi
Package
- Name
- irssi
- Purl
- pkg:rpm/mageia/irssi?distro=mageia-6
Mageia:5 / irssi
Package
- Name
- irssi
- Purl
- pkg:rpm/mageia/irssi?distro=mageia-5