CVE-2018-7053Use After Free in Irssi

CWE-416Use After Free9 documents7 sources
Severity
9.8CRITICALNVD
OSV7.5
EPSS
0.8%
top 25.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
IrssiDebian IrssiCanonical Ubuntu Linux+1 more
Timeline
PublishedFeb 15
Latest updateMay 14

Description

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

NVDirssi/irssi< 1.0.7+1
debiandebian/irssi< irssi 1.0.7-1 (bookworm)
Debianirssi/irssi< 1.0.7-1+3
Ubuntuirssi/irssi< 0.8.15-5ubuntu3.5+1

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04, 17.10

🔴Vulnerability Details

3
GHSA
GHSA-jfgj-q49c-3779: An issue was discovered in Irssi before 12022-05-14
OSV
irssi vulnerabilities2018-03-06
OSV
CVE-2018-7053: An issue was discovered in Irssi before 12018-02-15

📋Vendor Advisories

3
Ubuntu
Irssi vulnerabilities2018-03-06
Red Hat
irssi: use-after-free when SASL messages are received in unexpected order2018-02-13
Debian
CVE-2018-7053: irssi - An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a...2018

💬Community

2
Bugzilla
CVE-2018-7053 irssi: use-after-free when SASL messages are received in unexpected order2018-02-16
Bugzilla
CVE-2018-7053 irssi: use-after-free when SASL messages are received in unexpected order [fedora-all]2018-02-16