irssi

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Modular text mode IRC client with Perl scripting
Version 1.1.1-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-616 1.1.0-1 1.1.1-1 High Fixed
AVG-575 1.0.5-1 1.0.6-1 Medium Fixed
AVG-461 1.0.4-3 1.0.5-1 High Fixed
AVG-342 1.0.3-1 1.0.4-1 Critical Fixed
AVG-293 1.0.2-2 1.0.3-1 Medium Fixed
AVG-224 1.0.1-1 1.0.2-1 High Fixed
AVG-127 0.8.20-1 0.8.21-1 High Fixed
AVG-28 0.8.19-2 High Not affected
AVG-27 0.8.19-2 0.8.20-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2018-7054 AVG-616 Low Yes Denial of service
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits.
CVE-2018-7053 AVG-616 High Yes Arbitrary code execution
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.
CVE-2018-7052 AVG-616 Low Yes Denial of service
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer...
CVE-2018-7051 AVG-616 Low Yes Denial of service
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings.
CVE-2018-7050 AVG-616 Low Yes Denial of service
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
CVE-2018-5208 AVG-575 Medium No Denial of service
In Irssi before 1.0.6 a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.
CVE-2018-5207 AVG-575 Medium No Denial of service
When using an incomplete variable argument, irssi before 1.0.6 may access data beyond the end of the string.
CVE-2018-5206 AVG-575 Medium Yes Denial of service
When the channel topic is set without specifying a sender, irssi before 1.0.6 may dereference a NULL pointer.
CVE-2018-5205 AVG-575 Medium No Denial of service
When using incomplete escape codes, irssi before 1.0.6 may access data beyond the end of the string.
CVE-2017-9469 AVG-293 Medium Yes Denial of service
In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory....
CVE-2017-9468 AVG-293 Medium Yes Denial of service
In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.
CVE-2017-7191 AVG-224 High Yes Arbitrary code execution
A use after free vulnerability has been discovered in irssi < 1.0.2 while producing a list of netjoins that can result in arbitrary code execution.
CVE-2017-5196 AVG-127 Medium Yes Denial of service
An out of bounds read has been discovered in certain incomplete character sequences leading to application crash.
CVE-2017-5195 AVG-127 Medium Yes Denial of service
An out of bounds read has been discovered in certain incomplete control codes leading to application crash.
CVE-2017-5194 AVG-127 High Yes Arbitrary code execution
A use after free vulnerability has been discovered when receiving an invalid nick message potentially leading to arbitrary code execution.
CVE-2017-5193 AVG-127 Medium Yes Denial of service
A NULL pointer dereference has been discovered in the nickcmp function leading to application crash.
CVE-2017-15723 AVG-461 Medium Yes Denial of service
Overlong nicks or targets may result in a NULL-pointer dereference in Irssi >= 0.8.17 and < 1.0.5 while splitting the message. Most IRC servers typically...
CVE-2017-15722 AVG-461 Medium Yes Denial of service
In certain cases Irssi may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. To be exploited, this issue...
CVE-2017-15721 AVG-461 Medium Yes Denial of service
Certain incorrectly formatted DCC CTCP messages could cause NULL- pointer dereference in Irssi < 1.0.5. This is a separate, but similar issue to...
CVE-2017-15228 AVG-461 Medium Yes Denial of service
When installing themes with unterminated colour formatting sequences, Irssi < 1.0.5 may access data beyond the end of the string.
CVE-2017-15227 AVG-461 High Yes Arbitrary code execution
While waiting for the channel synchronization, Irssi < 1.0.5 may incorrectly fail to remove destroyed channels from the query list, resulting in...
CVE-2017-10966 AVG-342 Critical Yes Arbitrary code execution
While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in...
CVE-2017-10965 AVG-342 Medium Yes Denial of service
When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. This requires control over the IRC server, or a position of...
CVE-2016-7045 AVG-27 High Yes Arbitrary code execution
The format_send_to_gui() function does not validate the length of the string before incrementing the `ptr' pointer in all cases.
If that happens, the...
CVE-2016-7044 AVG-28 High Yes Arbitrary code execution
The unformat_24bit_color() function is called by format_send_to_gui() to decode 24bit color codes into their components. The pointer is advanced...

Advisories

Date Advisory Group Severity Description
15 Feb 2018 ASA-201802-8 AVG-616 High multiple issues
16 Jan 2018 ASA-201801-12 AVG-575 Medium denial of service
22 Oct 2017 ASA-201710-30 AVG-461 High multiple issues
13 Jul 2017 ASA-201707-13 AVG-342 Critical denial of service
12 Jun 2017 ASA-201706-11 AVG-293 Medium denial of service
21 Mar 2017 ASA-201703-17 AVG-224 High arbitrary code execution
11 Jan 2017 ASA-201701-14 AVG-127 High multiple issues
22 Sep 2016 ASA-201609-20 AVG-27 High arbitrary code execution