diff options
Diffstat (limited to 'security/irssi_sa_2017_03.txt')
-rw-r--r-- | security/irssi_sa_2017_03.txt | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/security/irssi_sa_2017_03.txt b/security/irssi_sa_2017_03.txt new file mode 100644 index 0000000..936aec6 --- /dev/null +++ b/security/irssi_sa_2017_03.txt @@ -0,0 +1,56 @@ +use after free condition during netjoin processing [1] +====================================================== +CWE Classification: CWE-416 + + +CVE-2017-xxxx [2] will be updated once cve assigned. + + +Description +----------- + +Use after free while producing list of netjoins (CWE-416) + +This issue was found and reported to us by APic. + + +Impact +------ + +This issue usually leads to segmentation faults. Targeted code +execution should be difficult. + + +Affected versions +----------------- + +Irssi up to and including 1.0.1 + +We believe Irssi 0.8.21 and prior are not affected since a different +code path causes the netjoins to be flushed prior to reaching the use +after free condition. + + +Fixed in +-------- + +Irssi 1.0.2 + + +Recommended action +------------------ + +Upgrade to Irssi 1.0.2. Irssi 1.0.2 is a maintenance release +without any new features. + + +Patch +----- + +https://github.com/irssi/irssi/commit/77b2631c78461965bc9a7414aae206b5c514e1b3 + + +References +---------- + +[1] https://irssi.org/security/irssi_sa_2017_03.txt |