Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2017-15227 - log back

CVE-2017-15227 created at 25 Sep 2019 19:31:40

Severity

+

High

Remote

+

Remote

Type

+	Arbitrary code execution

Description

+	While waiting for the channel synchronization, Irssi < 1.0.5 may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on. To be exploited, this issue requires a broken IRCd or control over the IRCd.

References

+	https://github.com/irssi/irssi/commit/49ace3251b79a9e97c6e4d0bc640f9143dc71b90
+	https://github.com/irssi/irssi/commit/2edd816e7db13b4ac0b20df9bf7fe55ee7718215
+	https://irssi.org/security/irssi_sa_2017_10.txt

Notes