FreeBSD Irssi – multiple vulnerabilities (3d6be69b-d365-11e6-a071-001e67f15f5a)

Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Irssi reports:

Five vulnerabilities have been located in Irssi:

– A NULL pointer dereference in the nickcmp function found by Joseph Bisch. (CWE-690)

– Use after free when receiving invalid nick message (Issue #466, CWE-146)

– Out of bounds read in certain incomplete control codes found by Joseph Bisch. (CWE-126)

– Out of bounds read in certain incomplete character sequences found by Hanno Bock and independently by J. Bisch. (CWE-126)

– Out of bounds read when printing the value '%['. Found by Hanno Bock. (CWE-126)

These issues may result in denial of service (remote crash).

See also:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215800
https://irssi.org/security/irssi_sa_2017_01.txt
http://www.nessus.org/u?b3fcf9cc

Solution:

Update the affected package.

Risk factor:

High
