ASA-2019-00524 – Irssi: Use-after-free when receiving duplicate CAP

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00524

Identifier(s)

ASA-2019-00524, CVE-2019-15717

Title

Use-after-free when receiving duplicate CAP

Vendor(s)

The Irssi project

Product(s)

Irssi

Affected version(s)

Irssi versions 1.2.0 and later prior to 1.2.2

Fixed version(s)

Irssi version 1.2.2

Proof of concept

Unknown

Description

There’s a use-after-free when receiving duplicate CAP.

Technical details

Unknown

Credits

Joseph Bisch

Reference(s)

IRSSI-SA-2019-08 Irssi Security Advisory [1]
https://irssi.org/security/irssi_sa_2019_08.txt

fix use after free receiving caps
https://github.com/irssi/irssi/commit/5a4e7ab659aba2855895c9f43e9a7a131f4e89b3

Irssi 1.2.2:CVE-2019-15717
https://www.openwall.com/lists/oss-security/2019/08/29/3

Irssi 1.2.2 Released
https://irssi.org/2019/08/29/irssi-1.2.2-released/

CVE-2019-15717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15717

CVE-2019-15717
https://nvd.nist.gov/vuln/detail/CVE-2019-15717

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: September 3, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.