CVE Tools

irssi

Communicationsoss-project

35

Cumulative CVEs

13

Monthly snapshots

#24

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting irssi.

CVE-2023-29132Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a for...5.3Apr 14, 2023
CVE-2020-29602The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. System using the irssi docker container deployed by affected versions of the Docker im...9.8Dec 8, 2020
CVE-2019-15717Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.9.8Aug 29, 2019
CVE-2019-13045Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.8.1Jun 29, 2019
CVE-2019-5882Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.9.8Jan 9, 2019
CVE-2018-7054An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix ...9.8Feb 15, 2018
CVE-2018-7053An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.9.8Feb 15, 2018
CVE-2018-7052An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.7.5Feb 15, 2018
CVE-2018-7051An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings.7.5Feb 15, 2018
CVE-2018-7050An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.7.5Feb 15, 2018
CVE-2018-5208In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.9.8Jan 6, 2018
CVE-2018-5207When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.7.5Jan 6, 2018
CVE-2018-5206When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.9.8Jan 6, 2018
CVE-2018-5205When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.7.5Jan 6, 2018
CVE-2017-15228Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string.7.5Oct 22, 2017