path: root/_data/security.yml
blob: 64d5c64be35578931b119cad06d292d86b5a3a87 (plain)
---
# Advisory IRSSI-SA-2016: two CVE entries, both listing fixed_version 0.8.20.
-
  name: IRSSI-SA-2016
  # Unquoted ISO date: loaders that resolve timestamps return a date object
  # here, not a string.
  release_date: 2016-09-14
  # Full 40-character hex commit id. Presumably the commit that carries the
  # fix or advisory text - confirm against the consumer of this file.
  git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
  bugs:
    -
      cve: CVE-2016-7044
      # NOTE(review): the allowed values are not defined in this file (it uses
      # client, server, local and formats); presumably the party or input
      # that can trigger the bug - confirm.
      exploitable_by: client
      # Version range as recorded. Presumably inclusive at both ends, since
      # fixed_version follows `to` - confirm.
      affected_versions:
        from: 0.8.17
        to: 0.8.19
      # Qualifier attached to the affected range; set only on this bug, not on
      # CVE-2016-7045 below. Presumably rendered as a footnote - confirm.
      affected_note_bottom: '(with truecolor)'
      # First release listed as containing the fix.
      fixed_version: 0.8.20
      credit: 'Gabriel Campana and Adrien Guinet from Quarkslab'
      description: 'Remote crash and heap corruption in format parsing code'
    -
      # Same range, fix version, credit and description text as CVE-2016-7044;
      # only the CVE id and the missing affected_note_bottom differ.
      cve: CVE-2016-7045
      exploitable_by: client
      affected_versions:
        from: 0.8.17
        to: 0.8.19
      fixed_version: 0.8.20
      credit: 'Gabriel Campana and Adrien Guinet from Quarkslab'
      description: 'Remote crash and heap corruption in format parsing code'
# Advisory BUF-PL-SA-2016: a single CVE against the buf.pl script.
-
  name: BUF-PL-SA-2016
  # Names the affected component (buf.pl) for this advisory.
  affected_note: buf.pl
  # Unquoted ISO date: loaders that resolve timestamps return a date object
  # here, not a string.
  release_date: 2016-09-09
  git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
  # Only this advisory sets `repo`. Presumably it tells the consumer which
  # repository git_commit belongs to - confirm.
  repo: scripts.irssi.org
  bugs:
    -
      cve: CVE-2016-7553
      exploitable_by: local
      affected_versions:
        # '*' must stay quoted: a bare * starts a YAML alias. Presumably it
        # means "every version up to `to`" - confirm.
        from: '*'
        # Quoted so the version stays a string instead of becoming a float.
        to: '2.13'
      # Quoting matters here: unquoted 2.20 would load as the float 2.2.
      # NOTE(review): the range ends at 2.13 while the fix is listed as 2.20;
      # the status of any versions in between is not stated in this entry.
      fixed_version: '2.20'
      credit: 'Juerd Waalboer'
      description: 'Information disclosure vulnerability'
# Advisory IRSSI-SA-2017-01: five CVE entries, all listing fixed_version 0.8.21.
-
  name: IRSSI-SA-2017-01
  # Unquoted ISO date: loaders that resolve timestamps return a date object
  # here, not a string.
  release_date: 2017-01-05
  git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
  bugs:
    -
      cve: CVE-2017-5193
      # NOTE(review): the allowed values are not defined in this file;
      # presumably the party or input that can trigger the bug - confirm.
      exploitable_by: server
      affected_versions:
        # '*' must stay quoted: a bare * starts a YAML alias. Presumably it
        # means "every version up to `to`" - confirm.
        from: '*'
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Joseph Bisch'
      description: 'NULL pointer dereference in the nickcmp function'
    -
      cve: CVE-2017-5194
      exploitable_by: server
      affected_versions:
        from: '*'
        to: 0.8.20
      fixed_version: 0.8.21
      # ~ is YAML null: no credit is recorded, so consumers must handle a
      # missing value here.
      credit: ~
      # Double-quoted, so the trailing \n is a real newline in the value.
      description: "Use after free when receiving invalid nick message\n"
    -
      cve: CVE-2017-5356
      # The only entry in this file that uses the value `formats`.
      exploitable_by: formats
      affected_versions:
        from: '*'
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Hanno Böck'
      # Single-quoted, so the %[ sequence is kept literally.
      description: 'Out of bounds read when printing the value %['
    -
      cve: CVE-2017-5195
      exploitable_by: client
      # Unlike the '*' entries above, this range has an explicit lower bound.
      affected_versions:
        from: 0.8.17
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Joseph Bisch'
      description: 'Out of bounds read in certain incomplete control codes'
    -
      cve: CVE-2017-5196
      exploitable_by: server
      affected_versions:
        from: 0.8.18
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Hanno Böck and independently by Joseph Bisch'
      # Double-quoted, so the trailing \n is a real newline in the value.
      description: "Out of bounds read in certain incomplete character sequences\n"
# Advisory IRSSI-SA-2017-03: a single CVE, the only one in this file flagged
# `important`.
-
  name: IRSSI-SA-2017-03
  # Unquoted ISO date: loaders that resolve timestamps return a date object
  # here, not a string.
  release_date: 2017-03-10
  git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
  bugs:
    -
      cve: CVE-2017-7191
      exploitable_by: server
      # Capitalised boolean spelling: YAML 1.1 loaders read it as true, but
      # stricter schemas may not. Presumably drives highlighting in the
      # rendered advisory list - confirm.
      important: True
      # Versions with two dots cannot be read as numbers, so they load as
      # strings without quoting.
      affected_versions:
        from: 1.0.0
        to: 1.0.1
      fixed_version: 1.0.2
      credit: APic
      # Double-quoted, so the trailing \n is a real newline in the value.
      description: "Use after free while producing list of netjoins\n"