Irssi

irssi

Vendor: Irssi • 41 CVEs

CVEs (41)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-9469 2Debian Irssi 2Debian Linux Irssi May 13, 2026 Jun 7, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.
CVE-2017-9468 2Debian Irssi 2Debian Linux Irssi May 13, 2026 Jun 7, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.
CVE-2017-7191 1Irssi 1Irssi May 13, 2026 Mar 27, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors.
CVE-2017-5356 2Debian Irssi 2Debian Linux Irssi May 13, 2026 Mar 3, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]).
CVE-2017-5196 1Irssi 1Irssi May 13, 2026 Mar 3, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8.
CVE-2017-5195 1Irssi 1Irssi May 13, 2026 Mar 3, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code.
CVE-2017-5194 2Debian Irssi 2Debian Linux Irssi May 13, 2026 Mar 3, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.
CVE-2017-5193 2Debian Irssi 2Debian Linux Irssi May 13, 2026 Mar 3, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.
CVE-2016-7045 3Canonical DebianIrssi 3Debian Linux IrssiUbuntu Linux May 6, 2026 Sep 27, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.
CVE-2016-7044 3Canonical DebianIrssi 3Debian Linux IrssiUbuntu Linux May 6, 2026 Sep 27, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomple...Show more The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.Show less
CVE-2010-1156 1Irssi 1Irssi Apr 29, 2026 Apr 16, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a vict...Show more core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel.Show less
CVE-2010-1155 1Irssi 1Irssi Apr 29, 2026 Apr 16, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man...Show more Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate.Show less
CVE-2009-1959 1Irssi 1Irssi Apr 23, 2026 Jun 8, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read...Show more Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.Show less
CVE-2007-4399 1Irssi 1Irssi Apr 23, 2026 Aug 18, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVE-2007-4398 1Irssi 1Irssi Apr 23, 2026 Aug 18, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song...Show more Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.Show less
CVE-2007-4397 6Irssi Kristof KorwisiMikachu+3 more 7Irssi IxmmsaL33t Xmms Music Showing Script+4 more Apr 23, 2026 Aug 18, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for...Show more Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.Show less
CVE-2007-4396 1Irssi 1Irssi Apr 23, 2026 Aug 18, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.1...Show more Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.Show less
CVE-2006-0458 1Irssi 1Irssi Apr 16, 2026 Mar 6, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service (application crash) via certain crafted ar...Show more The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command.Show less
CVE-2003-1020 2Irssi Mandrakesoft 2Irssi Mandrake Linux Apr 16, 2026 Jan 5, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).
CVE-2002-1840 1Irssi 1Irssi Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 10.0 HIGH· v2 irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remote attackers to access the system.

Previous 123 Next