IRSSI-SA-2017-07 Irssi Security Advisory [1]
============================================
CVE-2017-10965, CVE-2017-10966

Description
-----------

Two vulnerabilities have been located in Irssi.

(a) When receiving messages with invalid time stamps, Irssi would try
    to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter of
    Geeknik Labs. (CWE-690)

    CVE-2017-10965 [2] was assigned to this issue.

(b) While updating the internal nick list, Irssi may incorrectly use
    the GHashTable interface and free the nick while updating it. This
    will then result in use-after-free conditions on each access of the
    hash table. Found by Brian 'geeknik' Carpenter of Geeknik Labs.
    (CWE-416 caused by CWE-227)

    CVE-2017-10966 [3] was assigned to this issue.


Impact
------

(a) May result in denial of service (remote crash).

(b) Undefined behaviour.


Affected versions
-----------------

(a) All Irssi versions that we observed

(b) All Irssi versions that we observed


Fixed in
--------

Irssi 1.0.4


Recommended action
------------------

Upgrade to Irssi 1.0.4. Irssi 1.0.4 is a maintenance release in the 1.0
series, without any new features.

After installing the updated packages, one can issue the /upgrade
command to load the new binary. TLS connections will require /reconnect.


Mitigating facts
----------------

(a) requires control over the ircd

(b) should not happen with a conforming ircd


Patch
-----

https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291


References
----------

[1] https://irssi.org/security/irssi_sa_2017_07.txt
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10965
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10966