Allele Security Alert
ASA-2019-00401
Identifier(s)
ASA-2019-00401, CVE-2019-13045, IRSSI-SA-2019-06
Title
Use-after-free when sending SASL login
Vendor(s)
The Irssi team
Product(s)
Irssi
Affected version(s)
Irssi version 0.8.18 and later
Fixed version(s)
Irssi version 1.0.8
Irssi version 1.1.3
Irssi version 1.2.1
Proof of concept
Unknown
Description
Use-after-free when sending SASL login to the server may affect the stability of Irssi. SASL logins may fail, especially during (manual and automated) reconnect.
Technical details
Unknown
Credits
ilbelkyr
Reference(s)
IRSSI-SA-2019-06 Irssi Security Advisory
https://irssi.org/security/html/irssi_sa_2019_06/
memory corruption sasl reconnect?
https://github.com/irssi/irssi/issues/1055
Merge pull request #1058 from ailin-nemui/sasl-reconnect
https://github.com/irssi/irssi/commit/d23b0d22cc611e43c88d99192a59f413f951a955
irssi Use after free SASL Vulnerability
http://blog.firosolutions.com/exploits/irssi2019/
CVE-2019-13045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13045
CVE-2019-13045
https://nvd.nist.gov/vuln/detail/CVE-2019-13045
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: July 6, 2019