CVE-2017-15227 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
While waiting for the channel synchronization, Irssi < 1.0.5 may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on. To be exploited, this issue requires a broken IRCd or control over the IRCd.
Group Package Affected Fixed Severity Status Ticket
AVG-461 irssi 1.0.4-3 1.0.5-1 High Fixed
Date Advisory Group Package Severity Description
22 Oct 2017 ASA-201710-30 AVG-461 irssi High multiple issues
References
https://github.com/irssi/irssi/commit/49ace3251b79a9e97c6e4d0bc640f9143dc71b90
https://github.com/irssi/irssi/commit/2edd816e7db13b4ac0b20df9bf7fe55ee7718215
https://irssi.org/security/irssi_sa_2017_10.txt