1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
---
# New issues go to _security/irssi_sa_YYYY_MM.txt
# -
# name: Name of the bug group / security advisory, e.g.: IRSSI-SA-2099-01
# link: link to the advisory, e.g.: http://www.openwall.com/xxx (optional)
# affected_note: Some additional info for the Versions column, e.g.: script.pl if group affects only a single script (optional)
# release_date: date of release in YYYY-mm-dd format, e.g.: 2099-01-02
# repo: repository for the git commit, e.g.: scripts.irssi.org (optional, defaults to irssi)
# git_commit: git commit for the whole advisory (optional)
# # List of bugs
# bugs:
# -
# cve: CVE of bug, e.g.: CVE-2099-0999 (optional)
# name: name for the bug (in reference to the group), e.g.: (a) (optional)
# link: link to more information about the bug (optional)
# # additional external links to display in the first column (optional)
# external_links:
# -
# id: text for the link
# url: href for the link
# -
# # add more links here...
# exploitable_by: one of server/client/local/formats/local (remote)/remote
# affected_note_top: some remark to show on a row before the versions (optional)
# # which versions are affected
# affected_versions:
# from: first version affected
# to: last version affected
# affected_note_bottom: some remarks to show below the versions, e.g.: only with compile flags xxx
# fixed_version: first version with the fix
# repo: repository for the git commit, e.g.: scripts.irssi.org (optional, defaults to irssi)
# git_commit: git commit of the individual bug fix (optional)
# credit: whom to credit for the discovery
# description: Content of the description column
# -
# # add the next bug here...
# -
# # Add the next bug group / security advisory here...
-
name: Historic
bugs:
-
cve: CVE-2002-0983
exploitable_by: client
affected_versions:
to: 0.8.4
fixed_version: 0.8.6
git_commit: b9b0917897bd3b78d105c3229deb390daa204cdd
credit: ripe@7a69ezine.org
description: |
Denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow.
-
cve: CVE-2002-1840
exploitable_by: remote
affected_versions:
from: 0.8.4
affected_note_bottom: 'downloaded after 2002-03-14'
description: |
The download server was compromised and the download was backdoored, which allows remote attackers to access the system. Always check the GPG signature!
-
name: 0.8.9 issues
release_date: 2003-12-11
bugs:
-
cve: CVE-2003-1020
exploitable_by: client
affected_versions:
to: 0.8.8
fixed_version: 0.8.9
git_commit: ae7f177fb0ac0732239d3ff1b8dd208a31a7354d
credit: Rico Gloeckner
description: |
The format_send_to_gui function allows remote IRC users to cause a denial of service (crash).
-
name: 0.8.10 issues
release_date: 2006-03-01
bugs:
-
cve: CVE-2006-0458
exploitable_by: client
affected_versions:
from: 0.8.9+
fixed_version: 0.8.10
git_commit: 6d42a00287ff144c5c597b5da158961e0c22847d
description: |
The DCC ACCEPT command handler allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command.
-
name: 0.8.11 issues
release_date: 2007-08-12
bugs:
-
cve: CVE-2007-4396
exploitable_by: local (remote)
affected_versions:
to: 0.8.10
fixed_version: 0.8.11
git_commit: f0fb4c19d45e25fddee76e7c442b1e900666cd0c
credit: 'Wouter Coekaerts'
description: |
Multiple CRLF injection vulnerabilities in several scripts for Irssi allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences.
-
name: 0.8.14 issues
release_date: 2009-05-28
bugs:
-
cve: CVE-2009-1959
exploitable_by: client
affected_versions:
to: 0.8.13
fixed_version: 0.8.14
git_commit: 1f9c560a7408bf5550e030b5ac0c07dad5435eb1
credit: nemo@felinemenace.org
description: |
Off-by-one error in the event_wallops function allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.
-
name: 0.8.15 issues
release_date: 2010-04-03
bugs:
-
cve: CVE-2010-1155
affected_versions:
to: 0.8.14
fixed_version: 0.8.15
git_commit: bb4ce4562bd04eeb24a5953dd8da5c843c04e328
description: |
Irssi does not verify that the server hostname matches a domain name in the SSL certificate.
-
cve: CVE-2010-1156
exploitable_by: client
affected_versions:
to: 0.8.14
fixed_version: 0.8.15
git_commit: 1aa10ece887afd5d64eca1211aeced6cab310680
credit: 'Aurelien Delaitre (SATE 2009)'
description: |
core/nicklist.c in Irssi allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel.
# New issues go to _security/irssi_sa_YYYY_MM.txt
|
