FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

irssi -- multiple vulnerabilities

Affected packages
irssi < 1.0.4,1

Details

VuXML ID 31001c6b-63e7-11e7-85aa-a4badb2f4699
Discovery 2017-07-05
Entry 2017-07-08

irssi reports:

When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.

While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in use-after-free conditions on each access of the hash table.

References

CVE Name CVE-2017-10965
CVE Name CVE-2017-10966
FreeBSD PR ports/220544
URL https://irssi.org/security/irssi_sa_2017_07.txt