SB2018010823 - Fedora 27 update for irssi
Published: January 8, 2018 Updated: April 24, 2025
Security Bulletin ID
SB2018010823
Severity
Low
Patch available
YES
Number of vulnerabilities
4
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Buffer over-read (CVE-ID: CVE-2018-5205)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to data access beyond the end of the string when using incomplete escape codes. A remote attacker can trigger buffer over-read and gain access to potentially sensitive information.
2) NULL pointer dereference (CVE-ID: CVE-2018-5206)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to NULL pointer dereference when the channel topic is set without specifying a sender. A remote attacker can cause the service to crash.
3) Buffer over-read (CVE-ID: CVE-2018-5207)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to data access beyond the end of the string when using an incomplete variable argument. A remote attacker can trigger buffer over-read and gain access to potentially sensitive information.
4) Buffer over-read (CVE-ID: CVE-2018-5208)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to a calculation error in the completion code that triggers heap buffer overflow when completing certain strings. A remote attacker can cause the service to crash.
Remediation
Install update from vendor's website.