Diffstat (limited to '_data/security.yml')
-rw-r--r-- _data/security.yml 132
1 files changed, 132 insertions, 0 deletions
diff --git a/_data/security.yml b/_data/security.yml
index 72b9974..f229a7c 100644
--- a/_data/security.yml
+++ b/_data/security.yml
@@ -1,5 +1,112 @@
---
-
+ name: Historic
+ bugs:
+ -
+ cve: CVE-2002-0983
+ exploitable_by: client
+ affected_versions:
+ from: '*'
+ to: 0.8.4
+ fixed_version: 0.8.6
+ git_commit: b9b0917897bd3b78d105c3229deb390daa204cdd
+ credit: ripe@7a69ezine.org
+ description: |
+ Denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow.
+ -
+ cve: CVE-2002-1840
+ exploitable_by: remote
+ important: True
+ affected_versions:
+ from: 0.8.4
+ to: 0.8.4
+ affected_note_bottom: 'downloaded after 2002-03-14'
+ description: |
+ The download server was compromised and the download was backdoored, which allows remote attackers to access the system. Always check the GPG signature!
+-
+ name: 0.8.9 issues
+ release_date: 2003-12-11
+ bugs:
+ -
+ cve: CVE-2003-1020
+ exploitable_by: client
+ affected_versions:
+ from: '*'
+ to: 0.8.8
+ fixed_version: 0.8.9
+ git_commit: ae7f177fb0ac0732239d3ff1b8dd208a31a7354d
+ credit: Rico Gloeckner
+ description: |
+ The format_send_to_gui function allows remote IRC users to cause a denial of service (crash).
+-
+ name: 0.8.10 issues
+ release_date: 2006-03-01
+ bugs:
+ -
+ cve: CVE-2006-0458
+ exploitable_by: client
+ affected_versions:
+ from: 0.8.9+
+ to: 0.8.9+
+ fixed_version: 0.8.10
+ git_commit: 6d42a00287ff144c5c597b5da158961e0c22847d
+ description: |
+ The DCC ACCEPT command handler allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command.
+-
+ name: 0.8.11 issues
+ release_date: 2007-08-12
+ bugs:
+ -
+ cve: CVE-2007-4396
+ exploitable_by: local (remote)
+ affected_versions:
+ from: '*'
+ to: 0.8.10
+ fixed_version: 0.8.11
+ git_commit: f0fb4c19d45e25fddee76e7c442b1e900666cd0c
+ credit: 'Wouter Coekaerts'
+ description: |
+ Multiple CRLF injection vulnerabilities in several scripts for Irssi allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences.
+-
+ name: 0.8.14 issues
+ release_date: 2009-05-28
+ bugs:
+ -
+ cve: CVE-2009-1959
+ exploitable_by: client
+ affected_versions:
+ from: '*'
+ to: 0.8.13
+ fixed_version: 0.8.14
+ git_commit: 1f9c560a7408bf5550e030b5ac0c07dad5435eb1
+ credit: nemo@felinemenace.org
+ description: |
+ Off-by-one error in the event_wallops function allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.
+-
+ name: 0.8.15 issues
+ release_date: 2010-04-03
+ bugs:
+ -
+ cve: CVE-2010-1155
+ affected_versions:
+ from: '*'
+ to: 0.8.14
+ fixed_version: 0.8.15
+ git_commit: bb4ce4562bd04eeb24a5953dd8da5c843c04e328
+ description: |
+ Irssi does not verify that the server hostname matches a domain name in the SSL certificate.
+ -
+ cve: CVE-2010-1156
+ exploitable_by: client
+ affected_versions:
+ from: '*'
+ to: 0.8.14
+ fixed_version: 0.8.15
+ git_commit: 1aa10ece887afd5d64eca1211aeced6cab310680
+ credit: 'Aurelien Delaitre (SATE 2009)'
+ description: |
+ core/nicklist.c in Irssi allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel.
+-
name: IRSSI-SA-2016
release_date: 2016-09-14
git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
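Review bot: The CVE-2010-1155 entry under "0.8.15 issues" has no `exploitable_by` key, while every other bug added in this hunk sets one. If the page template renders that column unconditionally, this row will show an empty cell, so set the key explicitly, even if only to a placeholder value. Separately, CVE-2002-0983 lists `to: 0.8.4` with `fixed_version: 0.8.6`, which leaves the status of 0.8.5 unstated, and CVE-2002-1840 carries neither `fixed_version` nor `git_commit`, so the entry does not say which download is clean. A short note field on each would settle both.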
@@ -92,6 +199,31 @@
credit: 'Hanno Böck and independently by Joseph Bisch'
description: 'Out of bounds read in certain incomplete character sequences'
-
+ name: Bulletin
+ release_date: 2017-02-05
+ link: http://www.openwall.com/lists/oss-security/2017/02/05/8
+ bugs:
+ -
+ name: '(a)'
+ exploitable_by: server
+ affected_versions:
+ from: 1.0.0
+ to: 1.0.0
+ fixed_version: 1.0.1
+ credit: 'Joseph Bisch'
+ description: 'Memory leak in some cases where a hostile server would send certain incomplete SASL replies'
+ git_commit: 19c51789967a2f63da033e60f6ef08848b9cd144
+ -
+ name: '(b)'
+ exploitable_by: '-'
+ affected_versions:
+ from: '*'
+ to: 1.0.0
+ fixed_version: 1.0.1
+ credit: 'Hanno Böck'
+ description: 'Missing NULL sentinel when initialising the Perl interpreter'
+ git_commit: 1f42d2aa950e4d70bf4c4aebae3a7040bd710cf3
+-
name: IRSSI-SA-2017-03
release_date: 2017-03-10
git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
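Review bot: The `link:` on the new Bulletin entry uses plain `http://` for the oss-security post; a security advisory page should reference the `https://` form of the same URL so the link target cannot be altered in transit. Also in this hunk, `git_commit` comes after `description` in both '(a)' and '(b)', whereas the entries added in the first hunk put it before `credit`; keeping one key order makes the file easier to review. Entry '(b)' sets `exploitable_by: '-'` and its description states no impact, so a few words on the consequence of the missing sentinel would help readers triage it.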