CVE-2017-15227

Published: 22 October 2017

Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
irssi Launchpad, Ubuntu, Debian	upstream	Released (1.0.5)
	precise	Does not exist
	trusty	Does not exist (trusty was released [0.8.15-5ubuntu3.3])
	xenial	Released (0.8.19-1ubuntu1.5)
	zesty	Released (0.8.20-2ubuntu2.2)
	artful	Released (1.0.4-1ubuntu2.1)
	Patches: upstream: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15227
http://openwall.com/lists/oss-security/2017/10/22/4
https://irssi.org/security/irssi_sa_2017_10.txt
https://ubuntu.com/security/notices/USN-3465-1
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879521

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›