_data/security.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256

---
# -
#   name: Name of the bug group / security advisory, e.g.: IRSSI-SA-2099-01
#   link: link to the advisory, e.g.: http://www.openwall.com/xxx (optional)
#   affected_note: Some additional info for the Versions column, e.g.: script.pl if group affects only a single script (optional)
#   release_date: date of release in YYYY-mm-dd format, e.g.: 2099-01-02
#   repo: repository for the git commit, e.g.: scripts.irssi.org (optional, defaults to irssi)
#   git_commit: git commit for the whole advisory (optional)
#   # List of bugs
#   bugs:
#     -
#       cve: CVE of bug, e.g.: CVE-2099-0999 (optional)
#       name: name for the bug (in reference to the group), e.g.: (a) (optional)
#       link: link to more information about the bug (optional)
#       # additional external links to display in the first column (optional)
#       external_links:
#         -
#           id: text for the link
#           url: href for the link
#         -
#           # add more links here...
#       exploitable_by: one of server/client/local/formats/local (remote)/remote
#       affected_note_top: some remark to show on a row before the versions (optional)
#       # which versions are affected
#       affected_versions:
#         from: first version affected
#         to: last version affected
#       affected_note_bottom: some remarks to show below the versions, e.g.: only with compile flags xxx
#       fixed_version: first version with the fix
#       repo: repository for the git commit, e.g.: scripts.irssi.org (optional, defaults to irssi)
#       git_commit: git commit of the individual bug fix (optional)
#       credit: whom to credit for the discovery
#       description: Content of the description column
#     -
#       # add the next bug here...
# -
#   # Add the next bug group / security advisory here...
-
  name: Historic
  bugs:
    -
      cve: CVE-2002-0983
      exploitable_by: client
      affected_versions:
        to: 0.8.4
      fixed_version: 0.8.6
      git_commit: b9b0917897bd3b78d105c3229deb390daa204cdd
      credit: ripe@7a69ezine.org
      description: |
        Denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow. 
    -
      cve: CVE-2002-1840
      exploitable_by: remote
      affected_versions:
        from: 0.8.4
      affected_note_bottom: 'downloaded after 2002-03-14'
      description: |
        The download server was compromised and the download was backdoored, which allows remote attackers to access the system. Always check the GPG signature!
-
  name: 0.8.9 issues
  release_date: 2003-12-11
  bugs:
    -
      cve: CVE-2003-1020
      exploitable_by: client
      affected_versions:
        to: 0.8.8
      fixed_version: 0.8.9
      git_commit: ae7f177fb0ac0732239d3ff1b8dd208a31a7354d
      credit: Rico Gloeckner
      description: |
        The format_send_to_gui function allows remote IRC users to cause a denial of service (crash).
-
  name: 0.8.10 issues
  release_date: 2006-03-01
  bugs:
    -
      cve: CVE-2006-0458
      exploitable_by: client
      affected_versions:
        from: 0.8.9+
      fixed_version: 0.8.10
      git_commit: 6d42a00287ff144c5c597b5da158961e0c22847d
      description: |
        The DCC ACCEPT command handler allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command.
-
  name: 0.8.11 issues
  release_date: 2007-08-12
  bugs:
    -
      cve: CVE-2007-4396
      exploitable_by: local (remote)
      affected_versions:
        to: 0.8.10
      fixed_version: 0.8.11
      git_commit: f0fb4c19d45e25fddee76e7c442b1e900666cd0c
      credit: 'Wouter Coekaerts'
      description: |
        Multiple CRLF injection vulnerabilities in several scripts for Irssi allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences.
-
  name: 0.8.14 issues
  release_date: 2009-05-28
  bugs:
    -
      cve: CVE-2009-1959
      exploitable_by: client
      affected_versions:
        to: 0.8.13
      fixed_version: 0.8.14
      git_commit: 1f9c560a7408bf5550e030b5ac0c07dad5435eb1
      credit: nemo@felinemenace.org
      description: |
        Off-by-one error in the event_wallops function allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.
-
  name: 0.8.15 issues
  release_date: 2010-04-03
  bugs:
    -
      cve: CVE-2010-1155
      affected_versions:
        to: 0.8.14
      fixed_version: 0.8.15
      git_commit: bb4ce4562bd04eeb24a5953dd8da5c843c04e328
      description: |
        Irssi does not verify that the server hostname matches a domain name in the SSL certificate.
    -
      cve: CVE-2010-1156
      exploitable_by: client
      affected_versions:
        to: 0.8.14
      fixed_version: 0.8.15
      git_commit: 1aa10ece887afd5d64eca1211aeced6cab310680
      credit: 'Aurelien Delaitre (SATE 2009)'
      description: |
        core/nicklist.c in Irssi allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel.
-
  name: IRSSI-SA-2016
  release_date: 2016-09-14
  git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
  bugs:
    -
      cve: CVE-2016-7044
      exploitable_by: client
      affected_versions:
        from: 0.8.17
        to: 0.8.19
      affected_note_bottom: '(with truecolor)'
      fixed_version: 0.8.20
      credit: 'Gabriel Campana and Adrien Guinet from Quarkslab'
      description: 'Remote crash and heap corruption in format parsing code'
    -
      cve: CVE-2016-7045
      exploitable_by: client
      affected_versions:
        from: 0.8.17
        to: 0.8.19
      fixed_version: 0.8.20
      credit: 'Gabriel Campana and Adrien Guinet from Quarkslab'
      description: 'Remote crash and heap corruption in format parsing code'
-
  name: BUF-PL-SA-2016
  affected_note: buf.pl
  release_date: 2016-09-09
  git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
  repo: scripts.irssi.org
  bugs:
    -
      cve: CVE-2016-7553
      exploitable_by: local
      affected_versions:
        to: '2.13'
      fixed_version: '2.20'
      credit: 'Juerd Waalboer'
      description: 'Information disclosure vulnerability'
-
  name: IRSSI-SA-2017-01
  release_date: 2017-01-05
  git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
  bugs:
    -
      cve: CVE-2017-5193
      exploitable_by: server
      affected_versions:
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Joseph Bisch'
      description: 'NULL pointer dereference in the nickcmp function'
    -
      cve: CVE-2017-5194
      exploitable_by: server
      affected_versions:
        to: 0.8.20
      fixed_version: 0.8.21
      credit: ~
      description: 'Use after free when receiving invalid nick message'
    -
      cve: CVE-2017-5356
      exploitable_by: formats
      affected_versions:
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Hanno Böck'
      description: 'Out of bounds read when printing the value %['
    -
      cve: CVE-2017-5195
      exploitable_by: client
      affected_versions:
        from: 0.8.17
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Joseph Bisch'
      description: 'Out of bounds read in certain incomplete control codes'
    -
      cve: CVE-2017-5196
      exploitable_by: server
      affected_versions:
        from: 0.8.18
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Hanno Böck and independently by Joseph Bisch'
      description: 'Out of bounds read in certain incomplete character sequences'
-
  name: IRSSI-SA-2017-03
  release_date: 2017-03-10
  git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
  bugs:
    -
      cve: CVE-2017-7191
      exploitable_by: server
      affected_versions:
        from: 1.0.0
        to: 1.0.1
      fixed_version: 1.0.2
      credit: APic
      description: 'Use after free while producing list of netjoins'
-
  name: IRSSI-SA-2017-06
  release_date: 2017-06-06
  git_commit: fb08fc7f1aa6b2e616413d003bf021612301ad55
  bugs:
    -
      cve: CVE-2017-9468
      exploitable_by: server
      affected_versions:
        to: 1.0.2
      fixed_version: 1.0.3
      credit: 'Joseph Bisch'
      description: 'NULL pointer dereference when receiving a DCC message without source nick/host'
    -
      cve: CVE-2017-9469
      exploitable_by: client
      affected_versions:
        to: 1.0.2
      fixed_version: 1.0.3
      credit: 'Joseph Bisch'
      description: 'Out of bounds read when parsing incorrectly quoted DCC files'