CVE-2017-10966

An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291	Issue Tracking Patch Third Party Advisory
https://irssi.org/security/irssi_sa_2017_07.txt	Patch Vendor Advisory
https://www.debian.org/security/2017/dsa-4016

Configurations

Configuration 1 (hide)

cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-07-07 14:29

Updated : 2023-12-10 12:15

NVD link : CVE-2017-10966

Mitre link : CVE-2017-10966

CVE.ORG link : CVE-2017-10966

JSON object : View

Products Affected

irssi

irssi

CWE

CWE-416

Use After Free

{"id": "CVE-2017-10966", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-07-07T14:29:00.360", "references": [{"url": "https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://irssi.org/security/irssi_sa_2017_07.txt", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2017/dsa-4016", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Irssi anterior a versi\u00f3n 1.0.4. Al actualizar la lista de nick interna, Irssi podr\u00eda usar incorrectamente la interfaz de GHashTable y liberar el nick al actualizarlo. Esto resultar\u00eda luego en condiciones de uso de memoria previamente liberada en cada acceso de la tabla de hash."}], "lastModified": "2017-11-05T01:29:00.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE14BB61-3A65-4C86-9F07-238F5849277F", "versionEndIncluding": "1.0.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}