Shodan
Vulnerabilities
Vulnerable Software
Irssi:  >> Irssi  >> 0.8.3  Security Vulnerabilities
CVE-2017-5194
Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.
CVSS Score
7.5
EPSS Score
0.019
Published
2017-03-03
CVE-2017-5356
Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]).
CVSS Score
7.5
EPSS Score
0.028
Published
2017-03-03
CVE-2016-7045
The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.
CVSS Score
7.5
EPSS Score
0.019
Published
2016-09-27
CVE-2016-7044
The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.
CVSS Score
7.5
EPSS Score
0.019
Published
2016-09-27
CVE-2010-1155
Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate.
CVSS Score
6.8
EPSS Score
0.009
Published
2010-04-16
CVE-2010-1156
core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel.
CVSS Score
4.3
EPSS Score
0.033
Published
2010-04-16
CVE-2007-4396
Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVSS Score
9.3
EPSS Score
0.014
Published
2007-08-18
CVE-2007-4397
Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVSS Score
6.8
EPSS Score
0.034
Published
2007-08-18
CVE-2007-4398
Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVSS Score
6.8
EPSS Score
0.014
Published
2007-08-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved