Bug 1546275 (CVE-2018-7051)

Summary: CVE-2018-7051 irssi: out-of-bounds access when printing theme strings with certain nick names
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: huzaifas, jskarvad, rschiron
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: irssi 1.0.7, irssi 1.1.1 Doc Type: If docs needed, set a value
Doc Text:
An out of bound read was found in Irssi, version 0.8.7 and later, when dealing with malformed theme strings. An attacker could trigger the vulnerability by using specific nick names that could potentially cause a crash in the application.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 03:40:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1546316, 1563293, 1563294, 1563295    
Bug Blocks: 1546283    

Description Laura Pardo 2018-02-16 19:22:11 UTC
An issue was discovered in Irssi 0.8.7 and later in function
theme_format_expand_abstract of fe-common/core/themes.c file. Certain nick names
could result in out-of-bounds access when printing malformed theme strings.

Upstream commit:

Upstream patch:


Comment 1 Laura Pardo 2018-02-16 20:12:12 UTC
Created irssi tracking bugs for this issue:

Affects: fedora-all [bug 1546316]