Alert*

CVE-2017-5356
Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]).

CVE-2017-5195
Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code.

CVE-2017-5196
Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8.

CVE-2017-5193
The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.

CVE-2017-5194
Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.

CVE-2018-5205
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.

CVE-2018-5208
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.

CVE-2018-5207
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.

CVE-2018-5206
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.

CVE-2018-7050
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.

CVE-2018-7051
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings.

CVE-2018-7052
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.

CVE-2018-7053
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.

CVE-2018-7054
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.

CVE-2019-13045
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.