Product
irssi
43 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-29132
>= 1.3.0 and < 1.4.4
Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when pr
5.3
MEDIUM
CVE-2020-29602
< 1.1-alpine
The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. System using the ir
9.8
CRITICAL
CVE-2019-15717
>= 1.2.0 and < 1.2.2
Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.
9.8
CRITICAL
CVE-2019-13045
>= 0.8.18 and < 1.0.8
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login
8.1
HIGH
CVE-2019-5882
>= 1.1.0 and < 1.1.2
Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.
9.8
CRITICAL
CVE-2018-7054
< 1.0.7
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected duri
9.8
CRITICAL
CVE-2018-7053
< 1.0.7
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in
9.8
CRITICAL
CVE-2018-7052
< 1.0.7
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a cr
7.5
HIGH
CVE-2018-7051
< 1.0.7
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when
7.5
HIGH
CVE-2018-7050
< 1.0.7
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
7.5
HIGH
CVE-2018-5208
< 1.0.6
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strin
9.8
CRITICAL
CVE-2018-5207
< 1.0.6
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.
7.5
HIGH
CVE-2018-5206
< 1.0.6
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.
9.8
CRITICAL
CVE-2018-5205
< 1.0.6
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.
7.5
HIGH
CVE-2017-15723
<= 1.0.4
In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message.
7.5
HIGH
CVE-2017-15722
<= 1.0.4
In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the
5.9
MEDIUM
CVE-2017-15721
<= 1.0.4
In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate,
7.5
HIGH
CVE-2017-15228
<= 1.0.4
Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the st
7.5
HIGH
CVE-2017-15227
<= 1.0.4
Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the quer
7.5
HIGH
CVE-2017-10966
<= 1.0.3
An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable i
9.8
CRITICAL
CVE-2017-10965
<= 1.0.3
An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a
9.8
CRITICAL
CVE-2017-9469
<= 1.0.2
In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before
7.5
HIGH
CVE-2017-9468
<= 1.0.2
In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, rem
7.5
HIGH
CVE-2017-7191
<= 1.0.1
The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execu
9.8
CRITICAL
CVE-2017-5356
< 0.8.21
Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a
7.5
HIGH
CVE-2017-5196
>= 0.8.18 and < 0.8.21
Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involvi
7.5
HIGH
CVE-2017-5195
>= 0.8.17 and < 0.8.21
Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI
7.5
HIGH
CVE-2017-5194
< 0.8.21
Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid ni
7.5
HIGH
CVE-2017-5193
< 0.8.21
The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and cra
7.5
HIGH
CVE-2016-7553
<= 2.13
The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades
3.3
LOW
CVE-2016-7045
<= 0.8.19
The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of ser
7.5
HIGH
CVE-2016-7044
<= 0.8.19
The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows
7.5
HIGH
CVE-2010-1156
<= 0.8.15
core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and applicat
CVE-2010-1155
<= 0.8.15
Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name
CVE-2009-1959
all versions
Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a d
CVE-2007-4399
all versions
CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC c
CVE-2007-4398
<= 0.8.10rc5
Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remo
CVE-2007-4397
<= 0.8.10rc5
Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1,
CVE-2007-4396
<= 0.8.9
Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) x
CVE-2006-0458
all versions
The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allow
CVE-2003-1020
all versions
The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).
CVE-2002-1840
all versions
irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remo
CVE-2002-0983
all versions
IRC client irssi in irssi-text before 0.8.4 allows remote attackers to cause a denial of service (crash) via an IRC channel that h
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin