CVE-2017-15227 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	While waiting for the channel synchronization, Irssi < 1.0.5 may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on. To be exploited, this issue requires a broken IRCd or control over the IRCd.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-461	irssi	1.0.4-3	1.0.5-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
22 Oct 2017	ASA-201710-30	AVG-461	irssi	High	multiple issues

References
https://github.com/irssi/irssi/commit/49ace3251b79a9e97c6e4d0bc640f9143dc71b90 https://github.com/irssi/irssi/commit/2edd816e7db13b4ac0b20df9bf7fe55ee7718215 https://irssi.org/security/irssi_sa_2017_10.txt

References

https://github.com/irssi/irssi/commit/49ace3251b79a9e97c6e4d0bc640f9143dc71b90
https://github.com/irssi/irssi/commit/2edd816e7db13b4ac0b20df9bf7fe55ee7718215
https://irssi.org/security/irssi_sa_2017_10.txt