path: root/_data/security.yml
blob: a87cde87d5ee930141b2619599178ad60df90c1c (plain)
---
# Security advisory records: a sequence with one mapping per advisory, each
# holding a `bugs` list with one entry per CVE.
# NOTE(review): the consumer of this data is not visible here; the field
# meanings noted below are read off the values and should be confirmed
# against the templates that render them.
# Scalar typing: unquoted `release_date` values are ISO dates and load as date
# objects under YAML 1.1-style loaders. Three-component versions such as
# 0.8.20 stay strings, but two-component ones need quotes (as done for '2.13'
# in this file) or they load as floats.
-
  name: IRSSI-SA-2016
  release_date: 2016-09-14
  # Full 40-hex commit id; presumably the commit carrying the fix - confirm.
  git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
  bugs:
    -
      cve: CVE-2016-7044
      # Values used in this file: client, server, local, formats. Presumably
      # names the party or input channel able to trigger the bug - confirm.
      exploitable_by: client
      # `to` is the last release listed as affected; `fixed_version` below is
      # the release after it.
      affected_versions:
        from: 0.8.17
        to: 0.8.19
      # Qualifier on the affected range; presumably shown alongside it.
      affected_note_bottom: '(with truecolor)'
      fixed_version: 0.8.20
      credit: 'Gabriel Campana and Adrien Guinet from Quarkslab'
      description: 'Remote crash and heap corruption in format parsing code'
    -
      # Same range, credit and description text as CVE-2016-7044 above; the
      # record differs only in the CVE id and the absence of the truecolor
      # note, so the advisory itself is needed to tell the two bugs apart.
      cve: CVE-2016-7045
      exploitable_by: client
      affected_versions:
        from: 0.8.17
        to: 0.8.19
      fixed_version: 0.8.20
      credit: 'Gabriel Campana and Adrien Guinet from Quarkslab'
      description: 'Remote crash and heap corruption in format parsing code'
# Advisory for a script rather than the client itself: `affected_note` names
# the script and `repo` names a repository other than the default one.
# NOTE(review): presumably `git_commit` is resolved against `repo` when that
# key is present - confirm against the template that builds the commit link.
-
  name: BUF-PL-SA-2016
  affected_note: buf.pl
  release_date: 2016-09-09
  git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
  repo: scripts.irssi.org
  bugs:
    -
      cve: CVE-2016-7553
      # Only record in this file marked `local`.
      exploitable_by: local
      affected_versions:
        # Must stay quoted: a bare * is the YAML alias indicator. Presumably
        # means "every version up to `to`" - confirm.
        from: '*'
        # Two-component versions must stay quoted; unquoted they would load as
        # floats, and 2.20 would become 2.2.
        to: '2.13'
      fixed_version: '2.20'
      credit: 'Juerd Waalboer'
      description: 'Information disclosure vulnerability'
# Advisory covering five CVEs, all fixed in 0.8.21. Three list `from: '*'`
# (quoted because a bare * is the YAML alias indicator; presumably "all
# versions up to `to`" - confirm); two list an explicit first affected
# release.
-
  name: IRSSI-SA-2017-01
  release_date: 2017-01-05
  git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
  bugs:
    -
      cve: CVE-2017-5193
      exploitable_by: server
      affected_versions:
        from: '*'
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Joseph Bisch'
      description: 'NULL pointer dereference in the nickcmp function'
    -
      cve: CVE-2017-5194
      exploitable_by: server
      affected_versions:
        from: '*'
        to: 0.8.20
      fixed_version: 0.8.21
      # ~ is YAML null: no credit is recorded for this bug, so whatever
      # renders `credit` has to cope with a missing value.
      credit: ~
      description: 'Use after free when receiving invalid nick message'
    -
      cve: CVE-2017-5356
      # Only record in this file marked `formats`.
      exploitable_by: formats
      affected_versions:
        from: '*'
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Hanno Böck'
      # Single quotes keep the trailing %[ literal.
      description: 'Out of bounds read when printing the value %['
    -
      cve: CVE-2017-5195
      exploitable_by: client
      affected_versions:
        from: 0.8.17
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Joseph Bisch'
      description: 'Out of bounds read in certain incomplete control codes'
    -
      cve: CVE-2017-5196
      exploitable_by: server
      affected_versions:
        from: 0.8.18
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Hanno Böck and independently by Joseph Bisch'
      description: 'Out of bounds read in certain incomplete character sequences'
# Single-CVE advisory against the 1.0.x series.
-
  name: IRSSI-SA-2017-03
  release_date: 2017-03-10
  git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
  bugs:
    -
      cve: CVE-2017-7191
      exploitable_by: server
      # Boolean flag (True loads as boolean true); this is the only record in
      # the file that sets it. Presumably used to highlight the entry when
      # rendered - confirm.
      important: True
      affected_versions:
        from: 1.0.0
        to: 1.0.1
      fixed_version: 1.0.2
      # Plain (unquoted) string, unlike the quoted credits elsewhere in the
      # file; it loads as the same type.
      credit: APic
      description: 'Use after free while producing list of netjoins'
# Advisory covering two DCC-handling CVEs, both fixed in 1.0.3. One is marked
# server and the other client, so the two are not triggered from the same
# side.
-
  name: IRSSI-SA-2017-06
  release_date: 2017-06-06
  git_commit: fb08fc7f1aa6b2e616413d003bf021612301ad55
  bugs:
    -
      cve: CVE-2017-9468
      exploitable_by: server
      affected_versions:
        # Quoted because a bare * is the YAML alias indicator. Presumably
        # means "every version up to `to`" - confirm.
        from: '*'
        to: 1.0.2
      fixed_version: 1.0.3
      credit: 'Joseph Bisch'
      description: 'NULL pointer dereference when receiving a DCC message without source nick/host'
    -
      cve: CVE-2017-9469
      exploitable_by: client
      affected_versions:
        from: '*'
        to: 1.0.2
      fixed_version: 1.0.3
      credit: 'Joseph Bisch'
      description: 'Out of bounds read when parsing incorrectly quoted DCC files'