CVE-2018-7053
Published: 15 February 2018
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.
Notes
| Author | Note |
|---|---|
| leosilva | from debian, vulnerable code was introduced in 0.8.18 trusty is not-affected. |
Priority
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
irssi Launchpad, Ubuntu, Debian |
artful |
Released
(1.0.4-1ubuntu2.3)
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
| upstream |
Released
(1.0.7)
|
|
| xenial |
Released
(0.8.19-1ubuntu1.7)
|
|
|
Patches: other: https://github.com/irssi/irssi/commit/84f03e01467b90a4251987b32b2813ee976b357c |
||