The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. Systems using the irssi docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.
Max CVSS: 10.0 | EPSS Score: 0.66% | Published: 2020-12-08 | Updated: 2020-12-09
Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.
Max CVSS: 9.8 | EPSS Score: 0.30% | Published: 2019-08-29 | Updated: 2019-09-14
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.
Max CVSS: 8.1 | EPSS Score: 1.33% | Published: 2019-06-29 | Updated: 2019-07-03
Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.
Max CVSS: 9.8 | EPSS Score: 0.66% | Published: 2019-01-09 | Updated: 2019-02-26
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.
Max CVSS: 9.8 | EPSS Score: 0.40% | Published: 2018-02-15 | Updated: 2019-07-04
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.
Max CVSS: 9.8 | EPSS Score: 0.25% | Published: 2018-02-15 | Updated: 2019-02-28
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2018-01-06 | Updated: 2019-03-12
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2018-01-06 | Updated: 2019-03-12
An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table.
Max CVSS: 9.8 | EPSS Score: 0.32% | Published: 2017-07-07 | Updated: 2017-11-05
An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.
Max CVSS: 9.8 | EPSS Score: 0.32% | Published: 2017-07-07 | Updated: 2017-11-05
The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors.
Max CVSS: 9.8 | EPSS Score: 1.00% | Published: 2017-03-27 | Updated: 2017-03-31
Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
Max CVSS: 9.3 | EPSS Score: 2.52% | Published: 2007-08-18 | Updated: 2018-10-15
irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remote attackers to access the system.
Max CVSS: 10.0 | EPSS Score: 0.32% | Published: 2002-12-31 | Updated: 2008-09-05
13 vulnerabilities found