OpenSUSE Linux update for irssi



| Updated: 2019-07-05
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-13045
CWE-ID CWE-416
Exploitation vector Network
Public exploit N/A
Vulnerable software
SUSE Package Hub for SUSE Linux Enterprise
Universal components / Libraries / Libraries used by multiple products

Opensuse
Operating systems & Components / Operating system

SUSE Linux
Operating systems & Components / Operating system

Vendor SUSE

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Use-after-free

EUVDB-ID: #VU18945

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-13045

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a use-after-free error when performing server reconnect with SASL authentication. A remote attacker can trigger the application to reconnect to the server (e.g. disrupt connection) that will cause application crash.


Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Package Hub for SUSE Linux Enterprise: 12

Opensuse: 15.0 - 42.3

SUSE Linux: 15

CPE2.3 External links

https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00006.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###