# Advisory IRSSI-SA-2016: two heap-corruption bugs in the format parsing code.
# Both entries list fixed_version 0.8.20 and the same git_commit.
- name: IRSSI-SA-2016
  # Dates stay unquoted so loaders that resolve timestamps keep returning a
  # date value rather than a string.
  release_date: 2016-09-14
  git_commit: '295a4b77f07f14602eeaa371f00ddbf09910c82b'
  bugs:
    # affected_versions restricts this entry to builds with truecolor.
    - name: CVE-2016-7044
      external_links:
        - id: CVE-2016-7044
          url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7044'
        - id: IRSSI-SA-2016
          url: 'https://irssi.org/security/irssi_sa_2016.txt'
      # presumably the party able to trigger the bug; confirm against the
      # template that renders this field
      exploitable_by: client
      affected_versions: '0.8.17-0.8.19 (with truecolor)'
      fixed_version: '0.8.20'
      release_date: 2016-09-14
      git_commit: '295a4b77f07f14602eeaa371f00ddbf09910c82b'
      credit: 'Gabriel Campana and Adrien Guinet from Quarkslab'
      description: |
        Remote crash and heap corruption in format parsing code

    # Same description as CVE-2016-7044, but the affected range carries no
    # truecolor qualifier.
    - name: CVE-2016-7045
      external_links:
        - id: CVE-2016-7045
          url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7045'
        - id: IRSSI-SA-2016
          url: 'https://irssi.org/security/irssi_sa_2016.txt'
      exploitable_by: client
      affected_versions: '0.8.17-0.8.19'
      fixed_version: '0.8.20'
      release_date: 2016-09-14
      git_commit: '295a4b77f07f14602eeaa371f00ddbf09910c82b'
      credit: 'Gabriel Campana and Adrien Guinet from Quarkslab'
      description: |
        Remote crash and heap corruption in format parsing code

# Advisory BUF-PL-SA-2016: information disclosure in the buf.pl script.
# The bug entry sets repo to scripts.irssi.org, so git_commit presumably
# refers to that repository rather than the irssi core tree (confirm).
- name: BUF-PL-SA-2016
  # Dates stay unquoted so loaders that resolve timestamps keep returning a
  # date value rather than a string.
  release_date: 2016-09-09
  git_commit: 'f1b1eb154baa684fad5d65bf4dff79c8ded8b65a'
  bugs:
    - name: CVE-2016-7553
      external_links:
        - id: CVE-2016-7553
          url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553'
        - id: BUF-PL-SA-2016
          url: 'https://irssi.org/security/buf_pl_sa_2016.txt'
      # Listed as exploitable by local users, not by a remote client or server.
      exploitable_by: local users
      # Must stay quoted: "*" directly after the space would otherwise be at
      # risk of being mistaken for YAML syntax by readers and some tooling.
      # "*-2.13" presumably means every release up to 2.13 (confirm).
      affected_versions: 'buf.pl *-2.13'
      fixed_version: 'buf.pl 2.20'
      release_date: 2016-09-09
      repo: scripts.irssi.org
      git_commit: 'f1b1eb154baa684fad5d65bf4dff79c8ded8b65a'
      credit: 'Juerd Waalboer'
      description: |
        Information disclosure vulnerability

# Advisory IRSSI-SA-2017-01: five memory-safety bugs (one NULL pointer
# dereference, one use after free, three out-of-bounds reads). Every entry
# lists fixed_version 0.8.21 and the same git_commit.
- name: IRSSI-SA-2017-01
  # Dates stay unquoted so loaders that resolve timestamps keep returning a
  # date value rather than a string.
  release_date: 2017-01-05
  git_commit: '6c6c42e3d1b49d90aacc0b67f8540471cae02a1d'
  bugs:
    - name: CVE-2017-5193
      external_links:
        - id: CVE-2017-5193
          url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5193'
        - id: IRSSI-SA-2017-01
          url: 'https://irssi.org/security/irssi_sa_2017_01.txt'
      # presumably the party able to trigger the bug; confirm against the
      # template that renders this field
      exploitable_by: server
      # Quoted: a plain scalar starting with "*" is read as a YAML alias.
      # "*-0.8.20" presumably means every release up to 0.8.20 (confirm).
      affected_versions: '*-0.8.20'
      fixed_version: '0.8.21'
      release_date: 2017-01-05
      git_commit: '6c6c42e3d1b49d90aacc0b67f8540471cae02a1d'
      credit: 'Joseph Bisch'
      description: |
        NULL pointer dereference in the nickcmp function

    - name: CVE-2017-5194
      external_links:
        - id: CVE-2017-5194
          url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5194'
        - id: IRSSI-SA-2017-01
          url: 'https://irssi.org/security/irssi_sa_2017_01.txt'
      exploitable_by: server
      affected_versions: '*-0.8.20'
      fixed_version: '0.8.21'
      release_date: 2017-01-05
      git_commit: '6c6c42e3d1b49d90aacc0b67f8540471cae02a1d'
      # No credit is recorded for this entry; the value is an explicit null
      # instead of a bare key.
      credit: null
      description: |
        Use after free when receiving invalid nick message

    - name: CVE-2017-5195
      external_links:
        - id: CVE-2017-5195
          url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5195'
        - id: IRSSI-SA-2017-01
          url: 'https://irssi.org/security/irssi_sa_2017_01.txt'
      # The only entry in this advisory listed as exploitable by a client.
      exploitable_by: client
      affected_versions: '0.8.17-0.8.20'
      fixed_version: '0.8.21'
      release_date: 2017-01-05
      git_commit: '6c6c42e3d1b49d90aacc0b67f8540471cae02a1d'
      credit: 'Joseph Bisch'
      description: |
        Out of bounds read in certain incomplete control codes

    - name: CVE-2017-5196
      external_links:
        - id: CVE-2017-5196
          url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5196'
        - id: IRSSI-SA-2017-01
          url: 'https://irssi.org/security/irssi_sa_2017_01.txt'
      exploitable_by: server
      affected_versions: '0.8.18-0.8.20'
      fixed_version: '0.8.21'
      release_date: 2017-01-05
      git_commit: '6c6c42e3d1b49d90aacc0b67f8540471cae02a1d'
      credit: 'Hanno Böck and independently by Joseph Bisch'
      description: |
        Out of bounds read in certain incomplete character sequences

    - name: CVE-2017-5356
      external_links:
        - id: CVE-2017-5356
          url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5356'
        - id: IRSSI-SA-2017-01
          url: 'https://irssi.org/security/irssi_sa_2017_01.txt'
      # Trigger is listed as local formats, not a remote client or server.
      exploitable_by: local formats
      affected_versions: '*-0.8.20'
      fixed_version: '0.8.21'
      release_date: 2017-01-05
      git_commit: '6c6c42e3d1b49d90aacc0b67f8540471cae02a1d'
      credit: 'Hanno Böck'
      description: |
        Out of bounds read when printing the value %[

# Advisory IRSSI-SA-2017-03: a single use-after-free bug in the 1.0.x line,
# listed as fixed in 1.0.2.
- name: IRSSI-SA-2017-03
  # Dates stay unquoted so loaders that resolve timestamps keep returning a
  # date value rather than a string.
  release_date: 2017-03-10
  git_commit: '77b2631c78461965bc9a7414aae206b5c514e1b3'
  bugs:
    - name: CVE-2017-7191
      external_links:
        - id: CVE-2017-7191
          url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7191'
        - id: IRSSI-SA-2017-03
          url: 'https://irssi.org/security/irssi_sa_2017_03.txt'
      # presumably the party able to trigger the bug; confirm against the
      # template that renders this field
      exploitable_by: server
      # Only 1.0.0 and 1.0.1 are listed; no 0.8.x release appears in the range.
      affected_versions: '1.0.0-1.0.1'
      fixed_version: '1.0.2'
      release_date: 2017-03-10
      git_commit: '77b2631c78461965bc9a7414aae206b5c514e1b3'
      credit: 'APic'
      description: |
        Use after free while producing list of netjoins