CVE-2017-10966 — Use After Free in Irssi

CWE-416 — Use After Free9 documents8 sources

Severity

9.8CRITICALNVD

EPSS

0.8%

top 25.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Irssi Debian Irssi

Timeline

PublishedJul 7

Latest updateMay 17

Description

An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/irssi< irssi 1.0.4-1 (bookworm)

▶Debianirssi/irssi< 1.0.4-1+3

▶Ubuntuirssi/irssi< 0.8.15-5ubuntu3.3+1

▶NVDirssi/irssi1.0.3

Patches

Patch: github.com ↗Patch: irssi.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-3jw8-77gg-583w: An issue was discovered in Irssi before 1↗2022-05-17

▶

OSV

irssi vulnerabilities↗2017-10-26

▶

OSV

CVE-2017-10966: An issue was discovered in Irssi before 1↗2017-07-07

▶

📋Vendor Advisories

Ubuntu

Irssi vulnerabilities↗2017-10-26

▶

Red Hat

irssi: Use-after-free while updating the internal nick list↗2017-07-05

▶

Debian

CVE-2017-10966: irssi - An issue was discovered in Irssi before 1.0.4. While updating the internal nick ...↗2017

▶

💬Community

HackerOne

CVE-2017-10966: Heap-use-after-free in Irssi <1.0.4↗2019-10-14

▶

Bugzilla

CVE-2017-10966 irssi: Use-after-free while updating the internal nick list↗2017-07-20

▶