FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  499927
Date:      2019-04-25
Time:      02:05:05Z
Committer: acm


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
3d6be69b-d365-11e6-a071-001e67f15f5a | Irssi -- multiple vulnerabilities

Irssi reports:

Five vulnerabilities have been located in Irssi

  • A NULL pointer dereference in the nickcmp function found by Joseph Bisch. (CWE-690)
  • Use after free when receiving invalid nick message (Issue #466, CWE-146)
  • Out of bounds read in certain incomplete control codes found by Joseph Bisch. (CWE-126)
  • Out of bounds read in certain incomplete character sequences found by Hanno Böck and independently by J. Bisch. (CWE-126)
  • Out of bounds read when printing the value '%['. Found by Hanno Böck. (CWE-126)

These issues may result in denial of service (remote crash).


Discovery 2017-01-03
Entry 2017-01-05
Modified 2017-01-15
irssi
lt 0.8.21

CVE-2017-5193
CVE-2017-5194
CVE-2017-5195
CVE-2017-5196
CVE-2017-5356
ports/215800
https://irssi.org/security/irssi_sa_2017_01.txt
31001c6b-63e7-11e7-85aa-a4badb2f4699 | irssi -- multiple vulnerabilities

irssi reports:

When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.

While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in use-after-free conditions on each access of the hash table.


Discovery 2017-07-05
Entry 2017-07-08
irssi
lt 1.0.4,1

https://irssi.org/security/irssi_sa_2017_07.txt
CVE-2017-10965
CVE-2017-10966
ports/220544
3b7967f1-49e8-11df-83fb-0015587e2cc1 | irssi -- multiple vulnerabilities

Two vulnerabilities have been found in irssi. The first issue could allow man-in-the-middle attacks due to a missing comparison of SSL server hostnames and the certificate domain names (e.g. CN).

A second vulnerability, related to the nick matching code, could be triggered by remote attackers in order to crash an irssi client when leaving a channel.


Discovery 2010-04-16
Entry 2010-04-19
irssi
lt 0.8.15

zh-irssi
lt 0.8.15

irssi-devel
lt 20100325

CVE-2010-1155
CVE-2010-1156
http://xforce.iss.net/xforce/xfdb/57790
http://xforce.iss.net/xforce/xfdb/57791
7afc5e56-156d-11e8-95f2-005056925db4 | irssi -- multiple vulnerabilities

Irssi reports:

Use after free when server is disconnected during netsplits. Found by Joseph Bisch.

Use after free when SASL messages are received in unexpected order. Found by Joseph Bisch.

Null pointer dereference when an “empty” nick has been observed by Irssi. Found by Joseph Bisch.

When the number of windows exceeds the available space, Irssi would crash due to Null pointer dereference. Found by Joseph Bisch.

Certain nick names could result in out of bounds access when printing theme strings. Found by Oss-Fuzz.


Discovery 2018-02-15
Entry 2018-02-19
Modified 2018-02-22
irssi
lt 1.1.1,1

https://irssi.org/security/irssi_sa_2018_02.txt
CVE-2018-7054
CVE-2018-7053
CVE-2018-7052
CVE-2018-7051
CVE-2018-7050
ports/226001
a3764767-f31e-11e7-95f2-005056925db4 | irssi -- multiple vulnerabilities

Irssi reports:

When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer. Found by Joseph Bisch.

When using incomplete escape codes, Irssi may access data beyond the end of the string. Found by Joseph Bisch.

A calculation error in the completion code could cause a heap buffer overflow when completing certain strings. Found by Joseph Bisch.

When using an incomplete variable argument, Irssi may access data beyond the end of the string. Found by Joseph Bisch.


Discovery 2018-01-03
Entry 2018-01-06
irssi
lt 1.0.6,1

https://irssi.org/security/irssi_sa_2018_01.txt
CVE-2018-5205
CVE-2018-5206
CVE-2018-5207
CVE-2018-5208
ports/224954
165e8951-4be0-11e7-a539-0050569f7e80 | irssi -- remote DoS

Joseph Bisch reports:

When receiving a DCC message without source nick/host, Irssi would attempt to dereference a NULL pointer.

When receiving certain incorrectly quoted DCC files, Irssi would try to find the terminating quote one byte before the allocated memory.


Discovery 2017-06-06
Entry 2017-06-08
irssi
lt 1.0.3

CVE-2017-9468
CVE-2017-9469
https://irssi.org/security/irssi_sa_2017_06.txt
85e2c7eb-b74b-11e7-8546-5cf3fcfdd1f1 | irssi -- multiple vulnerabilities

Irssi reports:

When installing themes with unterminated colour formatting sequences, Irssi may access data beyond the end of the string.

While waiting for the channel synchronisation, Irssi may incorrectly fail to remove destroyed channels from the query list, resulting in use after free conditions when updating the state later on.

Certain incorrectly formatted DCC CTCP messages could cause NULL pointer dereference.

Overlong nicks or targets may result in a NULL pointer dereference while splitting the message.

In certain cases Irssi may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.


Discovery 2017-10-10
Entry 2017-10-22
Modified 2017-12-31
irssi
lt 1.0.5,1

https://irssi.org/security/irssi_sa_2017_10.txt
CVE-2017-15721
CVE-2017-15722
CVE-2017-15723
CVE-2017-15227
CVE-2017-15228
ports/223169