ID CVE-2019-13045
Summary Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.
References
Vulnerable Configurations
  • cpe:2.3:a:irssi:irssi:0.8.18:*:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:0.8.18:-:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:0.8.18:beta1:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:0.8.18:beta2:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:0.8.19:*:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:0.8.20:*:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:0.8.21:*:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:irssi:irssi:1.2.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 03-07-2019 - 15:15)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 1727683
title CVE-2019-13045 irssi: use after free when sending SASL login to server
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment irssi is earlier than 0:1.1.1-3.el8
          oval oval:com.redhat.rhsa:tst:20201616001
        • comment irssi is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201616002
      • AND
        • comment irssi-debugsource is earlier than 0:1.1.1-3.el8
          oval oval:com.redhat.rhsa:tst:20201616003
        • comment irssi-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201616004
      • AND
        • comment irssi-devel is earlier than 0:1.1.1-3.el8
          oval oval:com.redhat.rhsa:tst:20201616005
        • comment irssi-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201616006
rhsa
id RHSA-2020:1616
released 2020-04-28
severity Low
title RHSA-2020:1616: irssi security update (Low)
rpms
  • irssi-0:1.1.1-3.el8
  • irssi-debuginfo-0:1.1.1-3.el8
  • irssi-debugsource-0:1.1.1-3.el8
  • irssi-devel-0:1.1.1-3.el8
refmap via4
bid 108998
bugtraq 20190630 [slackware-security] irssi (SSA:2019-180-01)
misc
mlist [oss-security] 20190629 Irssi 1.2.1/1.1.3/1.0.8: CVE-2019-13045
suse
  • openSUSE-SU-2019:1690
  • openSUSE-SU-2019:1894
ubuntu USN-4046-1
Last major update 03-07-2019 - 15:15
Published 29-06-2019 - 14:15
Last modified 03-07-2019 - 15:15