CVE-2017-10966

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in use-after-free conditions on each access of the hash table. Note that this should not happen with a conforming IRC server, so it requires control over the IRC server or a position of man-in-the-middle to be exploitable.
Group Package Affected Fixed Severity Status Ticket
AVG-342 irssi 1.0.3-1 1.0.4-1 Critical Fixed
Date Advisory Group Package Severity Description
13 Jul 2017 ASA-201707-13 AVG-342 irssi Critical denial of service
References
https://irssi.org/security/irssi_sa_2017_07.txt