summaryrefslogtreecommitdiff
path: root/_security/irssi_sa_2017_03.txt
diff options
context:
space:
mode:
Diffstat (limited to '_security/irssi_sa_2017_03.txt')
-rw-r--r--_security/irssi_sa_2017_03.txt57
1 files changed, 57 insertions, 0 deletions
diff --git a/_security/irssi_sa_2017_03.txt b/_security/irssi_sa_2017_03.txt
new file mode 100644
index 0000000..d155884
--- /dev/null
+++ b/_security/irssi_sa_2017_03.txt
@@ -0,0 +1,57 @@
+use after free condition during netjoin processing [1]
+======================================================
+CWE Classification: CWE-416
+
+
+CVE-2017-7191 [2] was assigned to this bug
+
+
+Description
+-----------
+
+Use after free while producing list of netjoins (CWE-416)
+
+This issue was found and reported to us by APic.
+
+
+Impact
+------
+
+This issue usually leads to segmentation faults. Targeted code
+execution should be difficult.
+
+
+Affected versions
+-----------------
+
+Irssi up to and including 1.0.1
+
+We believe Irssi 0.8.21 and prior are not affected since a different
+code path causes the netjoins to be flushed prior to reaching the use
+after free condition.
+
+
+Fixed in
+--------
+
+Irssi 1.0.2
+
+
+Recommended action
+------------------
+
+Upgrade to Irssi 1.0.2. Irssi 1.0.2 is a maintenance release
+without any new features.
+
+
+Patch
+-----
+
+https://github.com/irssi/irssi/commit/77b2631c78461965bc9a7414aae206b5c514e1b3
+
+
+References
+----------
+
+[1] https://irssi.org/security/irssi_sa_2017_03.txt
+[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7191
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-16 04:05:52 +0000