---
name: IRSSI-SA-2017-03
heading: use after free condition during netjoin processing
release_date: 2017-03-10
git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
bugs:
  -
    cve: CVE-2017-7191
    cwe: CWE-416
    exploitable_by: server
    affected_versions:
      from: 1.0.0
      to: 1.0.1
    affected_note_long: >

      We believe Irssi 0.8.21 and prior are not affected since a different
      code path causes the netjoins to be flushed prior to reaching the use
      after free condition.
    fixed_version: 1.0.2
    credit: APic
    description: 'Use after free while producing list of netjoins'
    description_long: >
      Use after free while producing list of netjoins (CWE-416)

      This issue was found and reported to us by APic.
impact: >
  This issue usually leads to segmentation faults. Targeted code
  execution should be difficult.

recommended_action: >
  Upgrade to Irssi 1.0.2. Irssi 1.0.2 is a maintenance release
  without any new features.

---