IRSSI-SA-2017-03 Irssi Security Advisory [1]

Use after free condition during netjoin processing



  1. Use after free while producing list of netjoins (CWE-416)

    This issue was found and reported to us by APic.

    See CVE-2018-7054 for an update regarding this issue; this fix was incomplete.

    CVE-2017-7191 [2] was assigned to this issue.


This issue usually leads to segmentation faults. Targeted code execution should be difficult.

Affected versions

  1. Irssi 1.0.0 and later

    We believe Irssi 0.8.21 and prior are not affected since a different code path causes the netjoins to be flushed prior to reaching the use after free condition.

Fixed in

Irssi 1.0.7, 1.1.1

Upgrade to Irssi 1.0.2. Irssi 1.0.2 is a maintenance release without any new features.