Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2018-7053

Published: 15 February 2018

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.

Notes

AuthorNote
leosilva
from debian, vulnerable code was introduced in 0.8.18
trusty is not-affected.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
irssi
Launchpad, Ubuntu, Debian
artful
Released (1.0.4-1ubuntu2.3)
precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream
Released (1.0.7)
xenial
Released (0.8.19-1ubuntu1.7)
Patches:
other: https://github.com/irssi/irssi/commit/84f03e01467b90a4251987b32b2813ee976b357c