Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.
CVSS Score
8.1
EPSS Score
0.06
Published
2019-06-29
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
CVSS Score
7.5
EPSS Score
0.011
Published
2018-02-15
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings.
CVSS Score
7.5
EPSS Score
0.007
Published
2018-02-15
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.
CVSS Score
7.5
EPSS Score
0.011
Published
2018-02-15
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.
CVSS Score
9.8
EPSS Score
0.009
Published
2018-02-15
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.
CVSS Score
9.8
EPSS Score
0.008
Published
2018-02-15
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-01-06
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-01-06
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-01-06
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.
CVSS Score
9.8
EPSS Score
0.008
Published
2018-01-06
Page 1