CVE-2018-7053

Опубликовано: 13 фев. 2018

Источник: redhat

CVSS3: 3.7

Описание

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.

A use-after-free was found in the way Irssi, version 0.8.18 and later, handled out of order SASL messages sent by an IRC server. A remote attacker, who controls an IRC server, could crash the application by exploiting this flaw.

Отчет

This issue did not affect the versions of Irssi as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for SASL.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	irssi	Not affected
Red Hat Enterprise Linux 7	irssi	Not affected
Red Hat Enterprise Linux 8	irssi	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1546226irssi: use-after-free when SASL messages are received in unexpected order

3.7 Low

CVSS3

Связанные уязвимости

CVE-2018-7053

CVSS3: 9.8

ubuntu

почти 8 лет назад

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.

CVE-2018-7053

CVSS3: 9.8

nvd

почти 8 лет назад

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.

CVE-2018-7053

CVSS3: 9.8

debian

почти 8 лет назад

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...

GHSA-jfgj-q49c-3779

CVSS3: 9.8

github

больше 3 лет назад

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.

3.7 Low

CVSS3