Arch Linux: Arbitrary code execution (CVE-2017-10966)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jul 7, 2017 | Jul 11, 2025 | Mar 25, 2026 |
Description
While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This results in use-after-free conditions on each access of the hash table. Note that this should not happen with a conforming IRC server, so exploitation requires control over the IRC server or a man-in-the-middle position.
Solution
arch-linux-upgrade-latest
References
- CVE-2017-10966
- https://attackerkb.com/topics/CVE-2017-10966
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-2604
- https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
- https://irssi.org/security/irssi_sa_2017_07.txt
- https://security.archlinux.org/ASA-201707-13
- https://www.debian.org/security/2017/dsa-4016
- CWE-416
- EUVD-EUVD-2017-2604