Project

General

Profile

Bug #7512

irssi: Multiple issues (CVE-2017-10965, CVE-2017-10966)

Added by Alicha CH about 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Start date:
07/12/2017
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:

Description

CVE-2017-10965: When receiving messages with invalid time stamps, Irssi would try
to dereference a NULL pointer.

Fixed in:

Irssi 1.0.4

References:

https://irssi.org/security/irssi_sa_2017_07.txt
http://openwall.com/lists/oss-security/2017/07/07/3

Patch:

https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291

CVE-2017-10966: While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and
free the nick while updating it. This will then result in use-after-free conditions on each access of the hash table.

Fixed in:

Irssi 1.0.4

References:

https://irssi.org/security/irssi_sa_2017_07.txt
http://openwall.com/lists/oss-security/2017/07/07/3

Patch:

https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291


Subtasks

Bug #7513: [3.7] irssi: Multiple issues (CVE-2017-10965, CVE-2017-10966)ClosedNatanael Copa

Bug #7514: [3.6] irssi: Multiple issues (CVE-2017-10965, CVE-2017-10966)ClosedNatanael Copa

Bug #7515: [3.5] irssi: Multiple issues (CVE-2017-10965, CVE-2017-10966)ClosedNatanael Copa

Bug #7516: [3.4] irssi: Multiple issues (CVE-2017-10965, CVE-2017-10966)ClosedNatanael Copa

Bug #7517: [3.3] irssi: Multiple issues (CVE-2017-10965, CVE-2017-10966)ClosedNatanael Copa

History

#1 Updated by Francesco Colista about 1 year ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Closed

Also available in: Atom PDF