Vulnerabilities > Irssi > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-07 | CVE-2017-9469 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. | 7.5 |
| 2017-06-07 | CVE-2017-9468 | NULL Pointer Dereference vulnerability in multiple products In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. | 7.5 |
| 2017-03-03 | CVE-2017-5356 | Out-of-bounds Read vulnerability in multiple products Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]). | 7.5 |
| 2017-03-03 | CVE-2017-5196 | Out-of-bounds Read vulnerability in Irssi 0.8.18/0.8.19/0.8.20 Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8. | 7.5 |
| 2017-03-03 | CVE-2017-5195 | Out-of-bounds Read vulnerability in Irssi Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code. | 7.5 |
| 2017-03-03 | CVE-2017-5194 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message. | 7.5 |
| 2017-03-03 | CVE-2017-5193 | NULL Pointer Dereference vulnerability in multiple products The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick. | 7.5 |
| 2016-09-27 | CVE-2016-7045 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string. | 7.5 |
| 2016-09-27 | CVE-2016-7044 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code. | 7.5 |