CVE-2017-15227 — Use After Free in Irssi

CWE-416 — Use After Free9 documents7 sources

Severity

7.5HIGHNVD

OSV9.8

EPSS

0.4%

top 42.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Irssi Debian Irssi

Timeline

PublishedOct 22

Latest updateMay 14

Description

Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/irssi< irssi 1.0.5-1 (bookworm)

▶Debianirssi/irssi< 1.0.5-1+3

▶Ubuntuirssi/irssi< 0.8.15-5ubuntu3.3+1

▶NVDirssi/irssi1.0.4

Patches

Patch: openwall.com ↗Patch: irssi.org ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-fxx4-c6q5-9c62: Irssi before 1↗2022-05-14

▶

OSV

irssi vulnerabilities↗2017-10-26

▶

OSV

CVE-2017-15227: Irssi before 1↗2017-10-22

▶

📋Vendor Advisories

Ubuntu

Irssi vulnerabilities↗2017-10-26

▶

Red Hat

irssi: Use-after-free due to failures to remove destroyed channels from the query list↗2017-10-22

▶

Debian

CVE-2017-15227: irssi - Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrect...↗2017

▶

💬Community

Bugzilla

CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722 CVE-2017-15723 irssi: various flaws [fedora-all]↗2017-11-08

▶

Bugzilla

CVE-2017-15227 irssi: Use-after-free due to failures to remove destroyed channels from the query list↗2017-11-08

▶