Use-after-free in Irssi - CVE-2017-10966

 

Published: July 10, 2017 / Updated: July 11, 2017


Vulnerability identifier: #VU7401
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-10966
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Irssi
Software vendor: Irssi.org

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error caused by incorrect use of the GHashTable interface while updating the internal nick list. A remote unauthenticated attacker can create a specially crafted nickname and crash the affected server or execute arbitrary code.

Successful exploitation of the vulnerability may result in remote code execution.


Remediation

Update to version 1.0.4.
