path: root/_data/security.yml
# Advisory record for CVE-2016-7044 (advisory IRSSI-SA-2016).
# Apart from the identifiers, this record matches the CVE-2016-7045 record in
# this file (same advisory, fix commit and description text); the
# "(with truecolor)" qualifier on affected_versions is the only distinction
# recorded here.
# NOTE(review): exploitable_by presumably names who can trigger the bug;
# the value is not defined in this file — confirm against the advisory.
- name: CVE-2016-7044
  external_links:
    - id: CVE-2016-7044
      url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7044'
    - id: IRSSI-SA-2016
      url: 'https://irssi.org/security/irssi_sa_2016.txt'
  exploitable_by: client
  affected_versions: '0.8.17-0.8.19 (with truecolor)'
  fixed_version: '0.8.20'
  release_date: 2016-09-14  # unquoted: typed as a date by YAML 1.1 loaders
  git_commit: '295a4b77f07f14602eeaa371f00ddbf09910c82b'
  credit: Gabriel Campana and Adrien Guinet from Quarkslab
  description: |
    Remote crash and heap corruption in format parsing code

# Advisory record for CVE-2016-7045 (advisory IRSSI-SA-2016).
# Same advisory, fix commit and description text as the CVE-2016-7044 record
# in this file; unlike that record, affected_versions carries no
# "(with truecolor)" qualifier.
- name: CVE-2016-7045
  external_links:
    - id: CVE-2016-7045
      url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7045'
    - id: IRSSI-SA-2016
      url: 'https://irssi.org/security/irssi_sa_2016.txt'
  exploitable_by: client
  affected_versions: '0.8.17-0.8.19'
  fixed_version: '0.8.20'
  release_date: 2016-09-14  # unquoted: typed as a date by YAML 1.1 loaders
  git_commit: '295a4b77f07f14602eeaa371f00ddbf09910c82b'
  credit: Gabriel Campana and Adrien Guinet from Quarkslab
  description: |
    Remote crash and heap corruption in format parsing code

# Advisory record for CVE-2016-7553 (advisory BUF-PL-SA-2016).
# Both version fields are prefixed "buf.pl", and this is the only record in
# the file with a repo key, so it appears to concern the buf.pl script rather
# than irssi releases.
# NOTE(review): affected_versions stops at 2.13 while fixed_version is 2.20;
# the record does not say whether releases in between exist or are affected —
# confirm against the advisory.
- name: CVE-2016-7553
  external_links:
    - id: CVE-2016-7553
      url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553'
    - id: BUF-PL-SA-2016
      url: 'https://irssi.org/security/buf_pl_sa_2016.txt'
  exploitable_by: local users
  affected_versions: 'buf.pl *-2.13'
  fixed_version: 'buf.pl 2.20'
  release_date: 2016-09-09  # unquoted: typed as a date by YAML 1.1 loaders
  repo: scripts.irssi.org
  # NOTE(review): presumably a commit in the repo named above — verify.
  git_commit: 'f1b1eb154baa684fad5d65bf4dff79c8ded8b65a'
  credit: Juerd Waalboer
  description: |
    Information disclosure vulnerability

# Advisory record for CVE-2017-5193 (advisory IRSSI-SA-2017-01).
# NOTE(review): every IRSSI-SA-2017-01 record in this file carries the same
# git_commit, so the hash does not single out the change for this CVE.
- name: CVE-2017-5193
  external_links:
    - id: CVE-2017-5193
      url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5193'
    - id: IRSSI-SA-2017-01
      url: 'https://irssi.org/security/irssi_sa_2017_01.txt'
  exploitable_by: server
  # Must stay quoted: a plain scalar starting with * is read as a YAML alias.
  affected_versions: '*-0.8.20'
  fixed_version: '0.8.21'
  release_date: 2017-01-05  # unquoted: typed as a date by YAML 1.1 loaders
  git_commit: '6c6c42e3d1b49d90aacc0b67f8540471cae02a1d'
  credit: Joseph Bisch
  description: |
    NULL pointer dereference in the nickcmp function

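# Advisory record for CVE-2017-5194 (advisory IRSSI-SA-2017-01).
# NOTE(review): every IRSSI-SA-2017-01 record in this file carries the same
# git_commit, so the hash does not single out the change for this CVE.
- name: CVE-2017-5194
  external_links:
    - id: CVE-2017-5194
      url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5194'
    - id: IRSSI-SA-2017-01
      url: 'https://irssi.org/security/irssi_sa_2017_01.txt'
  exploitable_by: server
  # Must stay quoted: a plain scalar starting with * is read as a YAML alias.
  affected_versions: '*-0.8.20'
  fixed_version: '0.8.21'
  release_date: 2017-01-05  # unquoted: typed as a date by YAML 1.1 loaders
  git_commit: '6c6c42e3d1b49d90aacc0b67f8540471cae02a1d'
  # No reporter is recorded for this entry. Written as an explicit null, which
  # is what the bare "credit:" already parsed to, so the gap is visible and the
  # trailing space after the colon is gone.
  # NOTE(review): confirm against the advisory whether a credit is missing.
  credit: null
  description: |
    Use after free when receiving invalid nick message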

# Advisory record for CVE-2017-5195 (advisory IRSSI-SA-2017-01).
# NOTE(review): every IRSSI-SA-2017-01 record in this file carries the same
# git_commit, so the hash does not single out the change for this CVE.
- name: CVE-2017-5195
  external_links:
    - id: CVE-2017-5195
      url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5195'
    - id: IRSSI-SA-2017-01
      url: 'https://irssi.org/security/irssi_sa_2017_01.txt'
  exploitable_by: client
  affected_versions: '0.8.17-0.8.20'
  fixed_version: '0.8.21'
  release_date: 2017-01-05  # unquoted: typed as a date by YAML 1.1 loaders
  git_commit: '6c6c42e3d1b49d90aacc0b67f8540471cae02a1d'
  credit: Joseph Bisch
  description: |
    Out of bounds read in certain incomplete control codes

# Advisory record for CVE-2017-5196 (advisory IRSSI-SA-2017-01).
# NOTE(review): every IRSSI-SA-2017-01 record in this file carries the same
# git_commit, so the hash does not single out the change for this CVE.
- name: CVE-2017-5196
  external_links:
    - id: CVE-2017-5196
      url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5196'
    - id: IRSSI-SA-2017-01
      url: 'https://irssi.org/security/irssi_sa_2017_01.txt'
  exploitable_by: server
  affected_versions: '0.8.18-0.8.20'
  fixed_version: '0.8.21'
  release_date: 2017-01-05  # unquoted: typed as a date by YAML 1.1 loaders
  git_commit: '6c6c42e3d1b49d90aacc0b67f8540471cae02a1d'
  credit: Hanno Böck and independently by Joseph Bisch
  description: |
    Out of bounds read in certain incomplete character sequences

# Advisory record for CVE-2017-5356 (advisory IRSSI-SA-2017-01).
# NOTE(review): every IRSSI-SA-2017-01 record in this file carries the same
# git_commit, so the hash does not single out the change for this CVE.
# NOTE(review): exploitable_by "local formats" presumably means the trigger
# is a locally supplied format rather than network input — confirm against
# the advisory before using it for triage.
- name: CVE-2017-5356
  external_links:
    - id: CVE-2017-5356
      url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5356'
    - id: IRSSI-SA-2017-01
      url: 'https://irssi.org/security/irssi_sa_2017_01.txt'
  exploitable_by: local formats
  # Must stay quoted: a plain scalar starting with * is read as a YAML alias.
  affected_versions: '*-0.8.20'
  fixed_version: '0.8.21'
  release_date: 2017-01-05  # unquoted: typed as a date by YAML 1.1 loaders
  git_commit: '6c6c42e3d1b49d90aacc0b67f8540471cae02a1d'
  credit: Hanno Böck
  description: |
    Out of bounds read when printing the value %[

# Advisory record for CVE-2017-7191 (advisory IRSSI-SA-2017-03).
# The only record in this file whose affected range is in the 1.0.x series.
# NOTE(review): exploitable_by presumably names who can trigger the bug;
# the value is not defined in this file — confirm against the advisory.
- name: CVE-2017-7191
  external_links:
    - id: CVE-2017-7191
      url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7191'
    - id: IRSSI-SA-2017-03
      url: 'https://irssi.org/security/irssi_sa_2017_03.txt'
  exploitable_by: server
  affected_versions: '1.0.0-1.0.1'
  fixed_version: '1.0.2'
  release_date: 2017-03-10  # unquoted: typed as a date by YAML 1.1 loaders
  git_commit: '77b2631c78461965bc9a7414aae206b5c514e1b3'
  credit: APic
  description: |
    Use after free while producing list of netjoins