Vulnerabilities > Irssi > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-22 | CVE-2017-15228 | Out-of-bounds Read vulnerability in Irssi Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string. | 5.0 |
| 2017-10-22 | CVE-2017-15227 | Use After Free vulnerability in Irssi Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on. | 5.0 |
| 2017-06-07 | CVE-2017-9469 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. | 5.0 |
| 2017-06-07 | CVE-2017-9468 | NULL Pointer Dereference vulnerability in multiple products In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. | 5.0 |
| 2017-03-03 | CVE-2017-5356 | Out-of-bounds Read vulnerability in multiple products Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]). | 5.0 |
| 2017-03-03 | CVE-2017-5196 | Out-of-bounds Read vulnerability in Irssi 0.8.18/0.8.19/0.8.20 Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8. | 5.0 |
| 2017-03-03 | CVE-2017-5195 | Out-of-bounds Read vulnerability in Irssi Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code. | 5.0 |
| 2017-03-03 | CVE-2017-5194 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message. | 5.0 |
| 2017-03-03 | CVE-2017-5193 | NULL Pointer Dereference vulnerability in multiple products The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick. | 5.0 |
| 2016-09-27 | CVE-2016-7045 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string. | 5.0 |