Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Irssi
(Irssi)| Repositories |
• https://github.com/irssi/irssi
• https://github.com/ensc/irssi-proxy |
| #Vulnerabilities | 41 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-01-06 | CVE-2018-5208 | In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings. | Debian_linux, Irssi | 9.8 | ||
| 2018-01-06 | CVE-2018-5207 | When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. | Debian_linux, Irssi | 7.5 | ||
| 2018-01-06 | CVE-2018-5206 | When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer. | Debian_linux, Irssi | 9.8 | ||
| 2018-01-06 | CVE-2018-5205 | When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. | Ubuntu_linux, Debian_linux, Irssi | 7.5 | ||
| 2017-06-06 | CVE-2017-9469 | In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash. | Debian_linux, Irssi | 7.5 | ||
| 2017-06-06 | CVE-2017-9468 | In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash. | Debian_linux, Irssi | 7.5 | ||
| 2017-03-27 | CVE-2017-7191 | The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors. | Irssi | 9.8 | ||
| 2017-03-03 | CVE-2017-5356 | Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]). | Debian_linux, Irssi | 7.5 | ||
| 2017-03-03 | CVE-2017-5196 | Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8. | Irssi | 7.5 | ||
| 2017-03-03 | CVE-2017-5195 | Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code. | Irssi | 7.5 |