CVE-2018-5205Use of Externally-Controlled Format String in Irssi

CWE-134Use of Externally-Controlled Format StringCWE-125Out-of-bounds Read9 documents7 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 27.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
IrssiDebian IrssiCanonical Ubuntu Linux+1 more
Timeline
PublishedJan 6
Latest updateMay 14

Description

When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDirssi/irssi< 1.0.6
debiandebian/irssi< irssi 1.0.7-1 (bookworm)
Debianirssi/irssi< 1.0.7-1+3
Ubuntuirssi/irssi< 0.8.15-5ubuntu3.4+1

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04, 17.04, 17.10

Patches

Patch: irssi.orgPatch: irssi.org

🔴Vulnerability Details

3
GHSA
GHSA-h32h-429h-jx9q: When using incomplete escape codes, Irssi before 12022-05-14
OSV
irssi vulnerabilities2018-01-10
OSV
CVE-2018-5205: When using incomplete escape codes, Irssi before 12018-01-06

📋Vendor Advisories

3
Ubuntu
Irssi vulnerabilities2018-01-10
Red Hat
irssi: Out-of-bounds read when using incomplete escape codes2018-01-06
Debian
CVE-2018-5205: irssi - When using incomplete escape codes, Irssi before 1.0.6 may access data beyond th...2018

💬Community

2
Bugzilla
CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208 irssi: various flaws [fedora-all]2018-01-09
Bugzilla
CVE-2018-5205 irssi: Out-of-bounds read when using incomplete escape codes2018-01-09