CVE-2023-29132 — Use After Free in Irssi

CWE-416 — Use After Free6 documents6 sources

Severity

5.3MEDIUMNVD

EPSS

0.4%

top 39.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Irssi Debian Irssi

Timeline

PublishedApr 14

Description

Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDirssi/irssi1.3.0 — 1.4.4

▶debiandebian/irssi< irssi 1.4.3-2 (bookworm)

▶Debianirssi/irssi< 1.4.3-2+2

🔴Vulnerability Details

GHSA

GHSA-rx4q-gwv4-r27p: Irssi 1↗2023-04-14

▶

OSV

CVE-2023-29132: Irssi 1↗2023-04-14

▶

📋Vendor Advisories

Ubuntu

Irssi vulnerability↗2023-04-10

▶

Red Hat

irssi: a use after free possible under special circumstances↗2023-03-30

▶

Debian

CVE-2023-29132: irssi - Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stal...↗2023

▶