Vulnerabilities > Irssi > Irssi > 0.8.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-22 | CVE-2017-15722 | Out-of-bounds Read vulnerability in multiple products In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. | 5.9 |
| 2017-10-22 | CVE-2017-15721 | NULL Pointer Dereference vulnerability in multiple products In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. | 7.5 |
| 2017-10-22 | CVE-2017-15228 | Out-of-bounds Read vulnerability in Irssi Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string. | 7.5 |
| 2017-10-22 | CVE-2017-15227 | Use After Free vulnerability in Irssi Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on. | 7.5 |
| 2017-07-07 | CVE-2017-10966 | Use After Free vulnerability in Irssi An issue was discovered in Irssi before 1.0.4. | 9.8 |
| 2017-07-07 | CVE-2017-10965 | NULL Pointer Dereference vulnerability in Irssi An issue was discovered in Irssi before 1.0.4. | 9.8 |
| 2017-06-07 | CVE-2017-9469 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. | 7.5 |
| 2017-06-07 | CVE-2017-9468 | NULL Pointer Dereference vulnerability in multiple products In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. | 7.5 |
| 2017-03-27 | CVE-2017-7191 | Use After Free vulnerability in Irssi The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors. | 9.8 |
| 2017-03-03 | CVE-2017-5356 | Out-of-bounds Read vulnerability in multiple products Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]). | 7.5 |