Vulnerabilities > Irssi > Irssi > 0.8.14
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-03 | CVE-2017-5194 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message. | 5.0 |
2017-03-03 | CVE-2017-5193 | NULL Pointer Dereference vulnerability in multiple products The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick. | 5.0 |
2016-09-27 | CVE-2016-7045 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string. | 5.0 |
2016-09-27 | CVE-2016-7044 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code. | 5.0 |
2010-04-16 | CVE-2010-1156 | Unspecified vulnerability in Irssi core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel. network irssi | 4.3 |
2010-04-16 | CVE-2010-1155 | Improper Input Validation vulnerability in Irssi Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate. | 6.8 |