Overview: 1 vulnerability

| WSA | CVE | Score | Severity | Issue | Scope | Vulnerability type | Versions | Fix | Release date |
|---|---|---|---|---|---|---|---|---|---|
| WSA-2012-1 | CVE-2012-5854 | 7.5 | high | Crash when decoding IRC colors. | IRC | Out-of-bounds write | 0.3.6 → 0.3.9 | 0.3.9.1 | |

WSA-2012-1: [IRC] Crash when decoding IRC colors.

Vulnerability
CVE: CVE-2012-5854
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS score: 7.5 / 10
Severity: high
Vulnerability type: Out-of-bounds write
Scope: IRC
Affected versions: 0.3.6 → 0.3.9
Fixed version: 0.3.9.1
Description
A buffer overflow happens when decoding some IRC colors in strings.
Mitigation
Turn off the handling of colors in incoming IRC messages:

/set irc.network.colors_receive off