Vulnerabilities > Irssi > Irssi > 0.8.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-03 | CVE-2017-5194 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message. | 5.0 |
2017-03-03 | CVE-2017-5193 | NULL Pointer Dereference vulnerability in multiple products The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick. | 5.0 |
2016-09-27 | CVE-2016-7045 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string. | 5.0 |
2016-09-27 | CVE-2016-7044 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code. | 5.0 |
2010-04-16 | CVE-2010-1156 | Unspecified vulnerability in Irssi core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel. network irssi | 4.3 |
2010-04-16 | CVE-2010-1155 | Improper Input Validation vulnerability in Irssi Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate. | 6.8 |
2007-08-18 | CVE-2007-4397 | Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | 6.8 |