Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate.
CVSS Score
6.8
EPSS Score
0.009
Published
2010-04-16
core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel.
CVSS Score
4.3
EPSS Score
0.033
Published
2010-04-16
Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.
CVSS Score
5.0
EPSS Score
0.069
Published
2009-06-08
Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVSS Score
9.3
EPSS Score
0.014
Published
2007-08-18
Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVSS Score
6.8
EPSS Score
0.034
Published
2007-08-18
Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVSS Score
6.8
EPSS Score
0.014
Published
2007-08-18
CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVSS Score
6.8
EPSS Score
0.01
Published
2007-08-18
The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command.
CVSS Score
5.0
EPSS Score
0.009
Published
2006-03-06
The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).
CVSS Score
5.0
EPSS Score
0.005
Published
2004-01-05
irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remote attackers to access the system.
CVSS Score
10.0
EPSS Score
0.009
Published
2002-12-31