Описание
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| irssi | fixed | 1.0.7-1 | package | |
| irssi | not-affected | jessie | package | |
| irssi | not-affected | wheezy | package |
Примечания
https://irssi.org/security/irssi_sa_2018_02.txt
Some netsplit related changes as introduced in 1.0.0 were reverted:
https://github.com/irssi/irssi/commit/7605f67f95b6ee1ac26dd8fb7f3121f319497943
https://github.com/irssi/irssi/commit/fa8508404f4c4a02749cae5148662e2322c2abf0
https://github.com/irssi/irssi/commit/a4f99ae746efb121185fe76c392a64d743a9eb92
But the CVE is specifically for the use-after-free issue.
EPSS
Связанные уязвимости
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.
Уязвимость IRC-клиента Irssi для операционных систем Debian GNU/Linux и Ubuntu, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
EPSS