Bug 1546275 (CVE-2018-7051) - CVE-2018-7051 irssi: out-of-bounds access when printing theme strings with certain nick names
Summary: CVE-2018-7051 irssi: out-of-bounds access when printing theme strings with ce...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2018-7051
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1546316 1563293 1563294 1563295
Blocks: 1546283
TreeView+ depends on / blocked
 
Reported: 2018-02-16 19:22 UTC by Laura Pardo
Modified: 2019-09-29 14:32 UTC (History)
3 users (show)

Fixed In Version: irssi 1.0.7, irssi 1.1.1
Doc Type: If docs needed, set a value
Doc Text:
An out of bound read was found in Irssi, version 0.8.7 and later, when dealing with malformed theme strings. An attacker could trigger the vulnerability by using specific nick names that could potentially cause a crash in the application.
Clone Of:
Environment:
Last Closed: 2019-06-08 03:40:13 UTC
Embargoed:

Attachments (Terms of Use)

Description Laura Pardo 2018-02-16 19:22:11 UTC 
An issue was discovered in Irssi 0.8.7 and later in function
theme_format_expand_abstract of fe-common/core/themes.c file. Certain nick names
could result in out-of-bounds access when printing malformed theme strings.

Upstream commit:
https://github.com/irssi/irssi/commit/e0c66e31224894674356ddaf6d46016c1abc994f

Upstream patch:
https://github.com/irssi/irssi/commit/e32e9d63c67ab95ef0576154680a6c52334b97af

References:
https://irssi.org/security/irssi_sa_2018_02.txt
Comment 1 Laura Pardo 2018-02-16 20:12:12 UTC 
Created irssi tracking bugs for this issue:

Affects: fedora-all [bug 1546316]
Note You need to log in before you can comment on or make changes to this bug.