Detections
Analytics

FreeBSD : irssi -- multiple vulnerabilities (31001c6b-63e7-11e7-85aa-a4badb2f4699)

critical Nessus Plugin ID 101330

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

irssi reports :

When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.

While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in use-after-free conditions on each access of the hash table.

Solution

Update the affected package.

See Also

https://irssi.org/security/irssi_sa_2017_07.txt

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220544

http://www.nessus.org/u?c5433978

Plugin Details

Severity: Critical

ID: 101330

File Name: freebsd_pkg_31001c6b63e711e785aaa4badb2f4699.nasl

Version: 3.5

Type: local

Published: 7/10/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:irssi, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/8/2017

Vulnerability Publication Date: 7/5/2017

Reference Information

CVE: CVE-2017-10965, CVE-2017-10966