VuXML ID | Description |
7afc5e56-156d-11e8-95f2-005056925db4 | irssi -- multiple vulnerabilities
Irssi reports:
Use after free when server is disconnected during netsplits.
Found by Joseph Bisch.
Use after free when SASL messages are received in unexpected order.
Found by Joseph Bisch.
Null pointer dereference when an âemptyâ nick has been observed by
Irssi. Found by Joseph Bisch.
When the number of windows exceed the available space, Irssi would
crash due to Null pointer dereference. Found by Joseph Bisch.
Certain nick names could result in out of bounds access when printing
theme strings. Found by Oss-Fuzz.
Discovery 2018-02-15 Entry 2018-02-19 Modified 2018-02-22 irssi
< 1.1.1,1
https://irssi.org/security/irssi_sa_2018_02.txt
CVE-2018-7054
CVE-2018-7053
CVE-2018-7052
CVE-2018-7051
CVE-2018-7050
ports/226001
|
165e8951-4be0-11e7-a539-0050569f7e80 | irssi -- remote DoS
Joseph Bisch reports:
When receiving a DCC message without source nick/host, Irssi would
attempt to dereference a NULL pointer.
When receiving certain incorrectly quoted DCC files, Irssi would
try to find the terminating quote one byte before the allocated
memory.
Discovery 2017-06-06 Entry 2017-06-08 irssi
< 1.0.3
CVE-2017-9468
CVE-2017-9469
https://irssi.org/security/irssi_sa_2017_06.txt
|
a3764767-f31e-11e7-95f2-005056925db4 | irssi -- multiple vulnerabilities
Irssi reports:
When the channel topic is set without specifying a sender, Irssi
may dereference NULL pointer. Found by Joseph Bisch.
When using incomplete escape codes, Irssi may access data beyond
the end of the string. Found by Joseph Bisch.
A calculation error in the completion code could cause a heap
buffer overflow when completing certain strings.
Found by Joseph Bisch.
When using an incomplete variable argument, Irssi may access data
beyond the end of the string. Found by Joseph Bisch.
Discovery 2018-01-03 Entry 2018-01-06 irssi
< 1.0.6,1
https://irssi.org/security/irssi_sa_2018_01.txt
CVE-2018-5205
CVE-2018-5206
CVE-2018-5207
CVE-2018-5208
ports/224954
|
475f952c-9b29-11e9-a8a5-6805ca0b38e8 | irssi -- Use after free when sending SASL login to the server
Irssi reports:
Use after free when sending SASL login to the server found by ilbelkyr. (CWE-416, CWE-825)
Discovery 2019-06-29 Entry 2019-07-01 irssi
< 1.2.1,1
https://irssi.org/security/irssi_sa_2019_06.txt
CVE-2019-13045
|
31001c6b-63e7-11e7-85aa-a4badb2f4699 | irssi -- multiple vulnerabilities
irssi reports:
When receiving messages with invalid time stamps, Irssi
would try to dereference a NULL pointer.
While updating the internal nick list, Irssi may
incorrectly use the GHashTable interface and free the nick while
updating it. This will then result in use-after-free conditions on each
access of the hash table.
Discovery 2017-07-05 Entry 2017-07-08 irssi
< 1.0.4,1
https://irssi.org/security/irssi_sa_2017_07.txt
CVE-2017-10965
CVE-2017-10966
ports/220544
|
85e2c7eb-b74b-11e7-8546-5cf3fcfdd1f1 | irssi -- multiple vulnerabilities
Irssi reports:
When installing themes with unterminated colour formatting
sequences, Irssi may access data beyond the end of the string.
While waiting for the channel synchronisation, Irssi may
incorrectly fail to remove destroyed channels from the query list,
resulting in use after free conditions when updating the state later
on.
Certain incorrectly formatted DCC CTCP messages could cause NULL
pointer dereference.
Overlong nicks or targets may result in a NULL pointer dereference
while splitting the message.
In certain cases Irssi may fail to verify that a Safe channel ID
is long enough, causing reads beyond the end of the string.
Discovery 2017-10-10 Entry 2017-10-22 Modified 2017-12-31 irssi
< 1.0.5,1
https://irssi.org/security/irssi_sa_2017_10.txt
CVE-2017-15721
CVE-2017-15722
CVE-2017-15723
CVE-2017-15227
CVE-2017-15228
ports/223169
|