Vulnerability Description
An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Irssi | Irssi | <= 1.0.3 |
Related Weaknesses (CWE)
References
- https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291Issue TrackingPatchThird Party Advisory
- https://irssi.org/security/irssi_sa_2017_07.txtPatchVendor Advisory
- https://www.debian.org/security/2017/dsa-4016
- https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291Issue TrackingPatchThird Party Advisory
- https://irssi.org/security/irssi_sa_2017_07.txtPatchVendor Advisory
- https://www.debian.org/security/2017/dsa-4016
FAQ
What is CVE-2017-10966?
CVE-2017-10966 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result i...
How severe is CVE-2017-10966?
CVE-2017-10966 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-10966?
Check the references section above for vendor advisories and patch information. Affected products include: Irssi Irssi.