vulnerability

Arch Linux: Arbitrary code execution (CVE-2017-10966)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Jul 7, 2017	Jul 11, 2025	Nov 27, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Jul 7, 2017

Added

Jul 11, 2025

Modified

Nov 27, 2025

Description

While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in use-after-free conditions on each access of the hash table. Note that this should not happen with a conforming IRC server, so it requires control over the IRC server or a position of man-in-the-middle to be exploitable.

Solution

arch-linux-upgrade-latest

References

CVE-2017-10966
https://attackerkb.com/topics/CVE-2017-10966
URL-https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
URL-https://irssi.org/security/irssi_sa_2017_07.txt
URL-https://security.archlinux.org/ASA-201707-13
URL-https://www.debian.org/security/2017/dsa-4016
CWE-416

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today