Subject: [ASA-201707-13] irssi: denial of service

Arch Linux Security Advisory ASA-201707-13
==========================================

Severity: Critical
Date    : 2017-07-13
CVE-ID  : CVE-2017-10965 CVE-2017-10966
Package : irssi
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-342

Summary
=======

The package irssi before version 1.0.4-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.

Resolution
==========

Upgrade to 1.0.4-1.

# pacman -Syu "irssi>=1.0.4-1"

The problems have been fixed upstream in version 1.0.4.

Workaround
==========

None.

Description
===========

- CVE-2017-10965 (denial of service)

When receiving messages with invalid time stamps, Irssi would try to
dereference a NULL pointer. This requires control over the IRC server,
or a position of man-in-the-middle to be exploited.

- CVE-2017-10966 (arbitrary code execution)

While updating the internal nick list, Irssi may incorrectly use the
GHashTable interface and free the nick while updating it. This will
then result in use-after-free conditions on each access of the hash
table. Note that this should not happen with a conforming IRC server,
so it requires control over the IRC server or a position of
man-in-the-middle to be exploitable.

Impact
======

A remote attacker in position of man-in-the-middle or controlling the
IRC server might be able to crash or execute arbitrary code on an
affected host.

References
==========

https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
https://irssi.org/security/irssi_sa_2017_07.txt
https://security.archlinux.org/CVE-2017-10965
https://security.archlinux.org/CVE-2017-10966
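
The hazard class behind CVE-2017-10966, shown as an added example that is neither Irssi's code nor part of the original advisory: a lookup table whose key is borrowed from a record must be re-keyed before that record is freed. The `Nick`, `Entry` and `NickTable` types and the borrowed-key layout are assumptions made for illustration, and a small fixed array stands in for GHashTable.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model: same-named records are chained under one entry whose
 * key is borrowed from a record (points at its name), not copied. */
typedef struct Nick { char *name; struct Nick *next; } Nick;
typedef struct { const char *key; Nick *head; } Entry;
#define MAX_ENTRIES 16
typedef struct { Entry e[MAX_ENTRIES]; } NickTable;

static Entry *find_entry(NickTable *t, const char *name) {
    for (int i = 0; i < MAX_ENTRIES; i++)
        if (t->e[i].key != NULL && strcmp(t->e[i].key, name) == 0)
            return &t->e[i];
    return NULL;
}

Nick *nick_add(NickTable *t, const char *name) {
    Entry *e = find_entry(t, name);
    for (int i = 0; e == NULL && i < MAX_ENTRIES; i++)
        if (t->e[i].key == NULL) e = &t->e[i];   /* first free entry */
    Nick *n = calloc(1, sizeof *n);
    if (e == NULL || n == NULL || (n->name = malloc(strlen(name) + 1)) == NULL) {
        free(n);
        return NULL;                             /* table full or out of memory */
    }
    strcpy(n->name, name);
    Nick **link = &e->head;
    while (*link != NULL) link = &(*link)->next; /* append to the chain */
    *link = n;
    if (e->key == NULL) e->key = n->name;        /* new entry borrows this key */
    return n;
}

/* Unlink n, then repair the borrowed key BEFORE freeing the record it may
 * point into; without the repair every later lookup reads freed memory. */
int nick_remove(NickTable *t, Nick *n) {
    Entry *e = find_entry(t, n->name);
    if (e == NULL) return -1;
    Nick **link = &e->head;
    while (*link != NULL && *link != n) link = &(*link)->next;
    if (*link == NULL) return -1;                /* n is not in this table */
    *link = n->next;
    e->key = e->head ? e->head->name : NULL;     /* re-key, or empty the entry */
    free(n->name);
    free(n);
    return 0;
}
```

Building a caller of these functions with `-fsanitize=address` is a quick way to confirm that no lookup touches a freed name after a removal.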