Irssi Underflow in event_wallops() Lets Remote Users Deny Service
SecurityTracker Alert ID: 1022410
SecurityTracker URL: http://securitytracker.com/id/1022410
CVE Reference: CVE-2009-1959
Date: Jun 16 2009
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
Version(s): 0.8.13

Description:
A vulnerability was reported in Irssi. A remote user can cause denial of service conditions.
A remote server can send a specially crafted (empty) command to the connected client to trigger an off-by-one underflow and cause the target client to crash.
The vulnerability resides in the event_wallops() function in 'fe-common/irc/fe-events.c'.
The original advisory is available at:
http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/
xorl reported this vulnerability.
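
The bug class described above, as an added C example that is not Irssi's source or the advisory's code. It assumes the handler strips a trailing delimiter byte from text that follows a fixed prefix (modeled here on CTCP ACTION framing); the names `unguarded_last_index`, `strip_trailing_marker` and `extract_action_text` are hypothetical. It shows why an empty payload makes an unguarded `tmp[strlen(tmp) - 1]` land one byte before the buffer, and the length check that prevents it.

```c
#include <stddef.h>
#include <string.h>

#define PREFIX     "\001ACTION "   /* assumed framing, modeled on CTCP ACTION */
#define PREFIX_LEN 8
#define MARKER     '\001'          /* assumed trailing delimiter byte */

/* Offset that an unguarded `tmp[strlen(tmp) - 1]` would read and write.
 * For an empty string this is -1: one byte before the allocation. */
static long unguarded_last_index(const char *tmp)
{
    return (long)strlen(tmp) - 1;
}

/* Guarded form: inspect the last byte only when the string has one.
 * Returns 1 if a trailing marker was removed, 0 otherwise. */
static int strip_trailing_marker(char *tmp)
{
    size_t len = strlen(tmp);
    if (len >= 1 && tmp[len - 1] == MARKER) {
        tmp[len - 1] = '\0';
        return 1;
    }
    return 0;
}

/* Hypothetical handler: copies the text after PREFIX into out and strips
 * the trailing marker. Returns the text length, or -1 if data is not
 * framed with PREFIX or does not fit in out. */
static int extract_action_text(const char *data, char *out, size_t outsz)
{
    if (data == NULL || out == NULL || outsz == 0)
        return -1;
    if (strncmp(data, PREFIX, PREFIX_LEN) != 0)
        return -1;

    const char *body = data + PREFIX_LEN;   /* may be the empty string */
    size_t n = strlen(body);
    if (n >= outsz)
        return -1;
    memcpy(out, body, n + 1);                /* copy including the NUL */
    strip_trailing_marker(out);              /* safe when n == 0 */
    return (int)strlen(out);
}
```

Building the real client with AddressSanitizer or running it under Valgrind flags the one-byte access before the heap block when the unguarded pattern meets an empty payload.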

Impact: A remote server can cause the connected client to crash.
Solution: The vendor has issued a source code fix (r5068).
Vendor URL: www.irssi.org/
Cause: Boundary error
Underlying OS: Linux (Any), UNIX (Any)
Message History: None.

Source Message Contents

Date: Tue, 16 Jun 2009 15:38:47 -0400
Subject: Irssi

http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/
CVE-2009-1959