
CVE-2023-29132

Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line.


IRSSI-SA-2023-03 Irssi Security Advisory [1]
============================================
CVE-2023-29132

Description
-----------

(a) Use after free while using a stale special collector reference
    found by ednash. (CWE-416)

    CVE-2023-29132 [2] was assigned to this issue.

Impact
------

May affect the stability of Irssi.

Affected versions
-----------------

(a) Irssi 1.3.0 and later

Fixed in
--------

Irssi 1.4.4

Recommended action
------------------

Upgrade to Irssi 1.4.4. After installing the updated packages, one can
issue the /upgrade command to load the new binary.

Mitigating facts
----------------

The precondition for this issue is printing a non-formatted line
during the printing of a formatted line. This is unlikely to happen
without scripts, and is obscured by the slice allocator when using
GLib before version 2.75.

References
----------

[1] https://irssi.org/security/irssi_sa_2023_03.txt

[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29132

Related news

Ubuntu Security Notice USN-6002-1

Ubuntu Security Notice 6002-1 - It was discovered that Irssi incorrectly handled certain internal routines. An attacker could possibly use this issue to cause a crash.
