SB2019070418 - Use-after-free in irssi (Alpine package)
Published: July 4, 2019
Security Bulletin ID: SB2019070418
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2019-13045)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a use-after-free error when performing a server reconnect with SASL authentication. A remote attacker can trigger the application to reconnect to the server (e.g. by disrupting the connection), which will cause the application to crash.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=776c02734f23cd174e3c637781c989474ab2e15a
- https://git.alpinelinux.org/aports/commit/?id=23cf1dbb3d0a33b1e2ee725878d76f60a53d8e32
- https://git.alpinelinux.org/aports/commit/?id=3dc163ee30f6d8236f24f2c8704e9e5bd04261ca
- https://git.alpinelinux.org/aports/commit/?id=470717992bc7a9e06596b94b80804747974518e7
- https://git.alpinelinux.org/aports/commit/?id=4a1b35f961328ede5ec6d878950b6f368b83a75d
- https://git.alpinelinux.org/aports/commit/?id=a95d7efded7650a16db9f1cfa01e95bc5513cf83