First published: Sat Jan 06 2018(Updated: )
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/irssi | <1.0.4-1ubuntu2.2 | 1.0.4-1ubuntu2.2 |
ubuntu/irssi | <0.8.15-5ubuntu3.4 | 0.8.15-5ubuntu3.4 |
ubuntu/irssi | <0.8.19-1ubuntu1.6 | 0.8.19-1ubuntu1.6 |
ubuntu/irssi | <0.8.20-2ubuntu2.3 | 0.8.20-2ubuntu2.3 |
debian/irssi | 1.2.3-1 1.4.3-2 1.4.5-1 | |
Irssi | <1.0.6 | |
Debian | =9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-5208 is considered a high severity vulnerability due to the potential for a heap buffer overflow.
To fix CVE-2018-5208, update Irssi to version 1.0.6 or later.
Irssi versions prior to 1.0.6 are affected, along with certain versions of Debian Linux.
CVE-2018-5208 is a heap buffer overflow vulnerability caused by a calculation error in the completion code.
Yes, Ubuntu users running specific versions of the irssi package prior to 1.0.6 are affected by CVE-2018-5208.