11 lines
No EOL
691 B
Text
11 lines
No EOL
691 B
Text
source: https://www.securityfocus.com/bid/35399/info
|
|
|
|
Irssi is prone to an off-by-one, heap-based, memory-corruption vulnerability because it fails to properly bounds-check user-supplied data before copying it into a memory buffer.
|
|
|
|
Attackers can exploit this issue to crash the vulnerable client, resulting in a denial-of-service condition. Given the nature of this issue, attackers may also be able to run arbitrary code within the context of the vulnerable application, but this has not been confirmed.
|
|
|
|
Iirssi 0.8.13 is vulnerable; other versions may also be affected.
|
|
|
|
The following example IRC command is available; please see the references for more information.
|
|
|
|
: WALLOPS \001ACTION |