oss-sec mailing list archives
Irssi SA-2023-03 / Use after free in printing routine
From: Ailin Nemui <ailin () devio us>
Date: Fri, 31 Mar 2023 04:59:30 +0800
Hi,

The issue has been reported to us by ednash, who were experiencing frequent crashes of their Irssi. With the release of GLib 2.77, the slice memory allocator that was previously obscuring this memory issue was removed, thus making it much easier to trip.

When Irssi prints a message while another message is being printed, the list that keeps track of Irssi variables for use in statusbar/message patterns is not correctly cleaned up, leading to the use after free condition.

A CVE has been requested.

official message: https://irssi.org/security/irssi_sa_2023_03.txt

IRSSI-SA-2023-03 Irssi Security Advisory [1]
============================================
[ CVE will be added here ]

Description
-----------
(a) Use after free while using a stale special collector reference
    found by ednash. (CWE-416)

Impact
------
May affect the stability of Irssi.

Affected versions
-----------------
(a) Irssi 1.3.0 and later

Fixed in
--------
Irssi 1.4.4

Recommended action
------------------
Upgrade to Irssi 1.4.4. After installing the updated packages, one can issue the /upgrade command to load the new binary.

Mitigating facts
----------------
The precondition for this issue is printing a non-formatted line during the printing of a formatted line. This is unlikely to happen without scripts, and is obscured by the slice allocator when using GLib before version 2.77.

References
----------
[1] https://irssi.org/security/irssi_sa_2023_03.txt
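A triage helper for the version ranges stated in the advisory above, as an added example that is not part of the original message or of Irssi. The function names, status labels and sample inventory are assumptions made for illustration; the version strings in the inventory are constructed.

```python
import re

# Boundaries taken from the advisory text.
AFFECTED_FROM = (1, 3, 0)  # "Irssi 1.3.0 and later"
FIXED_IN = (1, 4, 4)       # "Fixed in Irssi 1.4.4"
SLICE_REMOVED = (2, 77)    # slice allocator removed as of GLib 2.77

def parse_version(text):
    """Return the first dotted numeric version in text as a 3-tuple, or None.

    Suffixes such as '-2' or '-head' are ignored, so distro backports and
    development snapshots are compared by upstream version only.
    """
    m = re.search(r"\d+(?:\.\d+){1,2}", text)
    if m is None:
        return None
    parts = tuple(int(p) for p in m.group(0).split("."))
    return parts + (0,) * (3 - len(parts))

def triage(irssi, glib=None):
    """Classify one host against IRSSI-SA-2023-03 (hypothetical labels)."""
    v = parse_version(irssi)
    if v is None:
        return "unknown"
    if v < AFFECTED_FROM:
        return "not-affected"
    if v >= FIXED_IN:
        return "fixed"
    g = parse_version(glib) if glib else None
    if g is None:
        return "affected"
    # "masked" means the bug is still present but the slice allocator hides
    # it, per the advisory's mitigating facts; the host still needs 1.4.4.
    return "affected-exposed" if g[:2] >= SLICE_REMOVED else "affected-masked"

# Constructed sample inventory: (host, Irssi version string, GLib version).
INVENTORY = [
    ("shell-a", "irssi 1.2.3 (20210403 2202)", "2.66.8"),
    ("shell-b", "irssi 1.4.3 (20221031 1340)", "2.74.6"),
    ("shell-c", "1.4.3-2", "2.77.0"),
    ("shell-d", "irssi 1.4.4 (20230331 0000)", "2.77.0"),
]

def report(inventory):
    """Map each host name to its triage status."""
    return {host: triage(irssi, glib) for host, irssi, glib in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

A package that carries a backported fix under an older upstream version number will still be reported as affected, so confirm against the distribution's changelog before acting on that result.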
Current thread:
- Irssi SA-2023-03 / Use after free in printing routine Ailin Nemui (Mar 30)
- Re: CVE-2023-29132: Irssi SA-2023-03 / Use after free in printing routine Ailin Nemui (Mar 31)