irssi (SUSE:Package Hub 12) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 12 package irssi, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (27)
CVE-2018-7054 — CVSS 9.8 (critical): An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during…
CVE-2018-5208 — CVSS 9.8 (critical): In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.
CVE-2017-10965 — CVSS 9.8 (critical): An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL…
CVE-2017-10966 — CVSS 9.8 (critical): An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface…
CVE-2018-5206 — CVSS 9.8 (critical): When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.
CVE-2018-7053 — CVSS 9.8 (critical): An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an…
CVE-2019-13045 — CVSS 8.1 (high): Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the…
CVE-2017-5195 — CVSS 7.5 (high): Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color…
CVE-2016-7044 — CVSS 7.5 (high): The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote…
CVE-2017-9468 — CVSS 7.5 (high): In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC…
CVE-2017-9469 — CVSS 7.5 (high): In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the…
CVE-2018-5205 — CVSS 7.5 (high): When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.
CVE-2018-5207 — CVSS 7.5 (high): When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.
CVE-2018-7050 — CVSS 7.5 (high): An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
CVE-2018-7051 — CVSS 7.5 (high): An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing…
CVE-2018-7052 — CVSS 7.5 (high): An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due…
CVE-2017-5196 — CVSS 7.5 (high): Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving…
CVE-2016-7045 — CVSS 7.5 (high): The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service…
CVE-2017-15227 — CVSS 7.5 (high): Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list…
CVE-2017-15228 — CVSS 7.5 (high): Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string.
CVE-2017-15721 — CVSS 7.5 (high): In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but…
CVE-2017-15723 — CVSS 7.5 (high): In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message.
CVE-2017-5193 — CVSS 7.5 (high): The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a…
CVE-2017-5194 — CVSS 7.5 (high): Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick…
CVE-2017-15722 — CVSS 5.9 (medium): In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.
CVE-2016-7553 — CVSS 3.3 (low): The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which…