CVE-2018-7054

moderate-risk
Published 2018-02-15

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.

Do I need to act?

-
0.80% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 50b2c910ad6e426e536038294543a51b7cf2e7be
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (6)

Affected Vendors

Debian Irssi Canonical

References (10)

Mailing List http://openwall.com/lists/oss-security/2018/02/15/1
Mitigation https://irssi.org/security/irssi_sa_2018_02.txt
Third Party Advisory https://usn.ubuntu.com/3590-1/
https://usn.ubuntu.com/4046-1/
Third Party Advisory https://www.debian.org/security/2018/dsa-4162
Mailing List http://openwall.com/lists/oss-security/2018/02/15/1
Mitigation https://irssi.org/security/irssi_sa_2018_02.txt
Third Party Advisory https://usn.ubuntu.com/3590-1/
https://usn.ubuntu.com/4046-1/
Third Party Advisory https://www.debian.org/security/2018/dsa-4162
48
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 3/34 · Minimal
Exposure 13/34 · Low