A vulnerability was found in irssi, caused by improper input checking, allowing a remote attacker to cause an application crash. The format_send_to_gui() function does not validate the length of the string before incrementing the `ptr' pointer in all cases. If that happens, the pointer `ptr' can be incremented twice and thus end past the boundaries of the original `dup' buffer.

Affected versions: Irssi 0.8.17-beta up to and including 0.8.19 up to 0.8.19-219-g52fedea

External Reference: https://irssi.org/security/irssi_sa_2016.txt
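The bug class described above, shown as an added example that is not irssi's code and not part of the original report: a scanner over a NUL-terminated copy that advances `ptr` twice without testing for the terminator, beside a checked form. The marker byte, the `#` code and all function names are hypothetical; the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>
#define MARK     '\x04' /* hypothetical marker byte that introduces a format code */
#define CODE_EXT '#'    /* hypothetical code that takes one extra argument byte */

/* Unchecked: advances over code and argument bytes without testing for NUL. */
size_t scan_unchecked(const char *dup)
{
    const char *ptr = dup;
    while (*ptr != '\0') {
        if (*ptr != MARK) { ptr++; continue; }
        ptr++;                          /* now on the code byte (may be NUL) */
        if (*ptr == CODE_EXT) ptr++;    /* now on the argument byte (may be NUL) */
        ptr++;                          /* second increment: can step past NUL */
    }
    return (size_t)(ptr - dup);
}

/* Checked: every byte is tested before the pointer moves beyond it. */
size_t scan_checked(const char *dup)
{
    const char *ptr = dup;
    while (*ptr != '\0') {
        if (*ptr != MARK) { ptr++; continue; }
        ptr++;
        if (*ptr == '\0') break;        /* truncated: marker was the last byte */
        if (*ptr == CODE_EXT) {
            ptr++;
            if (*ptr == '\0') break;    /* truncated: argument byte missing */
        }
        ptr++;
    }
    return (size_t)(ptr - dup);
}

/* Scans msg inside a zero-padded array so an overrun stays in demo memory; 1 = overrun. */
int overruns(size_t (*scan)(const char *), const char *msg)
{
    char backing[64] = {0};             /* constructed stand-in for the heap copy */
    strncpy(backing, msg, sizeof backing - 2);
    return scan(backing) > strlen(backing);
}

int main(void)
{
    const char *samples[] = { "plain", "ok\x04gX", "cut\x04", "cut\x04#" };
    for (size_t i = 0; i < 4; i++)
        printf("%zu: unchecked=%d checked=%d\n", i, overruns(scan_unchecked, samples[i]), overruns(scan_checked, samples[i]));
}
```

On a real heap allocation there is no zero padding after the terminator, so the unchecked loop keeps reading adjacent memory, which is where the crash comes from.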
Created irssi tracking bugs for this issue:

Affects: fedora-all [bug 1378345]
Affects: epel-5 [bug 1378346]
As shipped in RHEL-6, RHEL-7 or EPEL-5, the ptr pointer cannot overflow. These products are not affected by this flaw.