Vulnerabilities > Irssi > High

DATE CVE VULNERABILITY TITLE RISK
2019-06-29 CVE-2019-13045 Use After Free vulnerability in Irssi
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.
network
high complexity
irssi CWE-416
8.1
8.1
2018-02-15 CVE-2018-7052 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi canonical debian CWE-476
7.5
7.5
2018-02-15 CVE-2018-7051 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi debian canonical CWE-125
7.5
7.5
2018-02-15 CVE-2018-7050 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi debian canonical CWE-476
7.5
7.5
2018-01-06 CVE-2018-5207 Use of Externally-Controlled Format String vulnerability in multiple products
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.
network
low complexity
irssi debian CWE-134
7.5
7.5
2018-01-06 CVE-2018-5205 Use of Externally-Controlled Format String vulnerability in multiple products
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.
network
low complexity
irssi debian canonical CWE-134
7.5
7.5
2017-10-22 CVE-2017-15723 NULL Pointer Dereference vulnerability in multiple products
In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message.
network
low complexity
irssi debian CWE-476
7.5
7.5
2017-10-22 CVE-2017-15721 NULL Pointer Dereference vulnerability in multiple products
In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference.
network
low complexity
irssi debian CWE-476
7.5
7.5
2017-10-22 CVE-2017-15228 Out-of-bounds Read vulnerability in Irssi
Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string.
network
low complexity
irssi CWE-125
7.5
7.5
2017-10-22 CVE-2017-15227 Use After Free vulnerability in Irssi
Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on.
network
low complexity
irssi CWE-416
7.5
7.5