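---
# Security advisory data: a sequence of advisories, each with a `bugs` list.
#
# Advisory keys seen in this file: name, release_date, git_commit, bugs, and
# optionally affected_note and repo.
# Bug keys seen in this file: cve, exploitable_by (client | server | local |
# formats), optional important, affected_versions (from / to), optional
# affected_note_bottom, fixed_version, credit, description.
#
# NOTE(review): the nesting below was reconstructed from a copy that had lost
# its indentation. affected_note_bottom and fixed_version are assumed to be
# bug-level keys (siblings of affected_versions) - confirm against the consumer.
#
# Quoting conventions used here:
#   - Version strings are always quoted. Two-component versions such as '2.20'
#     would otherwise load as floats (2.2) and compare incorrectly.
#   - Commit ids are quoted so a hash can never be retyped as a number.
#   - release_date is left unquoted; YAML 1.1 loaders read it as a date, and
#     the consumer may rely on that - verify before quoting.
#   - from: '*' presumably means "all earlier versions" - TODO confirm.

- name: IRSSI-SA-2016
  release_date: 2016-09-14
  git_commit: '295a4b77f07f14602eeaa371f00ddbf09910c82b'
  bugs:
    - cve: CVE-2016-7044
      exploitable_by: client
      important: true
      affected_versions:
        from: '0.8.17'
        to: '0.8.19'
      affected_note_bottom: '(with truecolor)'
      fixed_version: '0.8.20'
      credit: 'Gabriel Campana and Adrien Guinet from Quarkslab'
      description: 'Remote crash and heap corruption in format parsing code'
    # NOTE(review): same description text as CVE-2016-7044; the two entries
    # differ only in CVE id and the truecolor note - confirm this is intended.
    - cve: CVE-2016-7045
      exploitable_by: client
      important: true
      affected_versions:
        from: '0.8.17'
        to: '0.8.19'
      fixed_version: '0.8.20'
      credit: 'Gabriel Campana and Adrien Guinet from Quarkslab'
      description: 'Remote crash and heap corruption in format parsing code'

# This advisory carries a `repo` key and an `affected_note` naming buf.pl.
- name: BUF-PL-SA-2016
  affected_note: buf.pl
  release_date: 2016-09-09
  git_commit: 'f1b1eb154baa684fad5d65bf4dff79c8ded8b65a'
  repo: scripts.irssi.org
  bugs:
    - cve: CVE-2016-7553
      exploitable_by: local
      affected_versions:
        from: '*'
        to: '2.13'
      fixed_version: '2.20'
      credit: 'Juerd Waalboer'
      description: 'Information disclosure vulnerability'

- name: IRSSI-SA-2017-01
  release_date: 2017-01-05
  git_commit: '6c6c42e3d1b49d90aacc0b67f8540471cae02a1d'
  bugs:
    - cve: CVE-2017-5193
      exploitable_by: server
      affected_versions:
        from: '*'
        to: '0.8.20'
      fixed_version: '0.8.21'
      credit: 'Joseph Bisch'
      description: 'NULL pointer dereference in the nickcmp function'
    - cve: CVE-2017-5194
      exploitable_by: server
      affected_versions:
        from: '*'
        to: '0.8.20'
      fixed_version: '0.8.21'
      # No credit recorded for this bug; explicit null rather than `~`.
      credit: null
      description: 'Use after free when receiving invalid nick message'
    - cve: CVE-2017-5356
      exploitable_by: formats
      affected_versions:
        from: '*'
        to: '0.8.20'
      fixed_version: '0.8.21'
      credit: 'Hanno Böck'
      description: 'Out of bounds read when printing the value %['
    - cve: CVE-2017-5195
      exploitable_by: client
      affected_versions:
        from: '0.8.17'
        to: '0.8.20'
      fixed_version: '0.8.21'
      credit: 'Joseph Bisch'
      description: 'Out of bounds read in certain incomplete control codes'
    - cve: CVE-2017-5196
      exploitable_by: server
      affected_versions:
        from: '0.8.18'
        to: '0.8.20'
      fixed_version: '0.8.21'
      credit: 'Hanno Böck and independently by Joseph Bisch'
      description: 'Out of bounds read in certain incomplete character sequences'

- name: IRSSI-SA-2017-03
  release_date: 2017-03-10
  git_commit: '77b2631c78461965bc9a7414aae206b5c514e1b3'
  bugs:
    - cve: CVE-2017-7191
      exploitable_by: server
      important: true
      affected_versions:
        from: '1.0.0'
        to: '1.0.1'
      fixed_version: '1.0.2'
      credit: 'APic'
      description: 'Use after free while producing list of netjoins'

- name: IRSSI-SA-2017-06
  release_date: 2017-06-06
  git_commit: 'fb08fc7f1aa6b2e616413d003bf021612301ad55'
  bugs:
    - cve: CVE-2017-9468
      exploitable_by: server
      affected_versions:
        from: '*'
        to: '1.0.2'
      fixed_version: '1.0.3'
      credit: 'Joseph Bisch'
      description: 'NULL pointer dereference when receiving a DCC message without source nick/host'
    - cve: CVE-2017-9469
      exploitable_by: client
      affected_versions:
        from: '*'
        to: '1.0.2'
      fixed_version: '1.0.3'
      credit: 'Joseph Bisch'
      description: 'Out of bounds read when parsing incorrectly quoted DCC files'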