CVE-2017-15227 - log back

CVE-2017-15227 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ While waiting for the channel synchronization, Irssi < 1.0.5 may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on. To be exploited, this issue requires a broken IRCd or control over the IRCd.
References
+ https://github.com/irssi/irssi/commit/49ace3251b79a9e97c6e4d0bc640f9143dc71b90
+ https://github.com/irssi/irssi/commit/2edd816e7db13b4ac0b20df9bf7fe55ee7718215
+ https://irssi.org/security/irssi_sa_2017_10.txt
Notes