Bug 504554 (CVE-2009-1959)

Summary: CVE-2009-1959 irssi: off-by-one error in the event_wallops
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1959
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Tomas Hoger 2009-06-08 08:02:13 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1959 to the following vulnerability:

Off-by-one error in the event_wallops function in
fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to
cause a denial of service (crash) via an empty command, which triggers
a one-byte buffer under-read and a one-byte buffer underflow.

References:
http://bugs.irssi.org/index.php?do=details&task_id=662
http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/
http://www.irssi.org/ChangeLog 
http://www.openwall.com/lists/oss-security/2009/05/29/3

Comment 1 Tomas Hoger 2009-06-08 08:07:11 UTC
Upstream SVN commit:
http://svn.irssi.org/cgi-bin/viewvc.cgi?view=rev&root=irssi&revision=5068

Comment 2 Fedora Update System 2009-06-24 06:27:54 UTC
irssi-0.8.13-3.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/irssi-0.8.13-3.fc10

Comment 3 Fedora Update System 2009-06-24 06:28:53 UTC
irssi-0.8.13-3.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/irssi-0.8.13-3.fc11

Comment 4 Fedora Update System 2009-08-03 19:26:52 UTC
irssi-0.8.13-3.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2009-08-31 23:38:32 UTC
irssi-0.8.13-3.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.