Debian Irssi vulnerabilities

CVE-2023-29132 [MEDIUM] CVE-2023-29132: irssi - Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stal... Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line. Scope: local bookworm: resolved (fixed in 1.4.3-2) bullseye: resolved forky: resolved (fixed in 1.4.3-2) sid: resolved (fixed in 1.4.3-2) trixie: resolved (fi

CVE-2019-5882 [CRITICAL] CVE-2019-5882: irssi - Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from... Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. Scope: local bookworm: resolved (fixed in 1.1.2-1) bullseye: resolved (fixed in 1.1.2-1) forky: resolved (fixed in 1.1.2-1) sid: resolved (fixed in 1.1.2-1) trixie: resolved (fixed in 1.1.2-1)

CVE-2019-15717 [CRITICAL] CVE-2019-15717: irssi - Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double C... Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP. Scope: local bookworm: resolved (fixed in 1.2.2-1) bullseye: resolved (fixed in 1.2.2-1) forky: resolved (fixed in 1.2.2-1) sid: resolved (fixed in 1.2.2-1) trixie: resolved (fixed in 1.2.2-1)

CVE-2019-13045 [HIGH] CVE-2019-13045: irssi - Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is ena... Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server. Scope: local bookworm: resolved (fixed in 1.2.1-1) bullseye: resolved (fixed in 1.2.1-1) forky: resolved (fixed in 1.2.1-1) sid: resolved (fixed in 1.2.1-1) trixie: resolved (fixed in 1.2.1-1)

CVE-2018-5208 [CRITICAL] CVE-2018-5208: irssi - In Irssi before 1.0.6, a calculation error in the completion code could cause a ... In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings. Scope: local bookworm: resolved (fixed in 1.0.7-1) bullseye: resolved (fixed in 1.0.7-1) forky: resolved (fixed in 1.0.7-1) sid: resolved (fixed in 1.0.7-1) trixie: resolved (fixed in 1.0.7-1)

CVE-2018-7054 [CRITICAL] CVE-2018-7054: irssi - An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a... An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191. Scope: local bookworm: resolved (fixed in 1.0.7-1) bullseye: resolved (fixed in 1.0.7-1) forky: resolved (fixed in 1.0.7-1) sid: resolved (fixed in 1.0.

CVE-2018-5206 [CRITICAL] CVE-2018-5206: irssi - When the channel topic is set without specifying a sender, Irssi before 1.0.6 ma... When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer. Scope: local bookworm: resolved (fixed in 1.0.7-1) bullseye: resolved (fixed in 1.0.7-1) forky: resolved (fixed in 1.0.7-1) sid: resolved (fixed in 1.0.7-1) trixie: resolved (fixed in 1.0.7-1)

CVE-2018-7053 [CRITICAL] CVE-2018-7053: irssi - An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a... An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order. Scope: local bookworm: resolved (fixed in 1.0.7-1) bullseye: resolved (fixed in 1.0.7-1) forky: resolved (fixed in 1.0.7-1) sid: resolved (fixed in 1.0.7-1) trixie: resolved (fixed in 1.0.7-1)

CVE-2018-5207 [HIGH] CVE-2018-5207: irssi - When using an incomplete variable argument, Irssi before 1.0.6 may access data b... When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. Scope: local bookworm: resolved (fixed in 1.0.7-1) bullseye: resolved (fixed in 1.0.7-1) forky: resolved (fixed in 1.0.7-1) sid: resolved (fixed in 1.0.7-1) trixie: resolved (fixed in 1.0.7-1)

CVE-2018-7052 [HIGH] CVE-2018-7052: irssi - An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the n... An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur. Scope: local bookworm: resolved (fixed in 1.0.7-1) bullseye: resolved (fixed in 1.0.7-1) forky: resolved (fixed in 1.0.7-1) sid: resolved (fixed in 1.0.7-1) trixie: resolved (fixed in 1.0.7-1

CVE-2018-7051 [HIGH] CVE-2018-7051: irssi - An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain ni... An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings. Scope: local bookworm: resolved (fixed in 1.0.7-1) bullseye: resolved (fixed in 1.0.7-1) forky: resolved (fixed in 1.0.7-1) sid: resolved (fixed in 1.0.7-1) trixie: resolved (fixed in 1.0.7-1)

CVE-2018-7050 [HIGH] CVE-2018-7050: irssi - An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL poi... An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick. Scope: local bookworm: resolved (fixed in 1.0.7-1) bullseye: resolved (fixed in 1.0.7-1) forky: resolved (fixed in 1.0.7-1) sid: resolved (fixed in 1.0.7-1) trixie: resolved (fixed in 1.0.7-1)

CVE-2018-5205 [HIGH] CVE-2018-5205: irssi - When using incomplete escape codes, Irssi before 1.0.6 may access data beyond th... When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. Scope: local bookworm: resolved (fixed in 1.0.7-1) bullseye: resolved (fixed in 1.0.7-1) forky: resolved (fixed in 1.0.7-1) sid: resolved (fixed in 1.0.7-1) trixie: resolved (fixed in 1.0.7-1)

CVE-2017-7191 [CRITICAL] CVE-2017-7191: irssi - The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a den... The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors. Scope: local bookworm: resolved (fixed in 1.0.2-1) bullseye: resolved (fixed in 1.0.2-1) forky: resolved (fixed in 1.0.2-1) sid: resolved (fixed in 1.0.2-1) trixie: resolved (fixed in 1.0.2-1)

CVE-2017-15723 [HIGH] CVE-2017-15723: irssi - In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer de... In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message. Scope: local bookworm: resolved (fixed in 1.0.5-1) bullseye: resolved (fixed in 1.0.5-1) forky: resolved (fixed in 1.0.5-1) sid: resolved (fixed in 1.0.5-1) trixie: resolved (fixed in 1.0.5-1)

CVE-2017-9469 [HIGH] CVE-2017-9469: irssi - In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it t... In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash. Scope: local bookworm: resolved (fixed in 1.0.3-1) bullseye: resolved (fixed in 1.0.3-1) forky: resolved (fixed in 1.0.3-1) sid: resolved (fixed in 1.0.3-1) trixie:

CVE-2017-5196 [HIGH] CVE-2017-5196: irssi - Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service ... Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8. Scope: local bookworm: resolved (fixed in 0.8.21-1) bullseye: resolved (fixed in 0.8.21-1) forky: resolved (fixed in 0.8.21-1) sid: resolved (fixed in 0.8.21-1) trixie: resolved (fixed in 0.8.21-1)

CVE-2017-15721 [HIGH] CVE-2017-15721: irssi - In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cau... In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468. Scope: local bookworm: resolved (fixed in 1.0.5-1) bullseye: resolved (fixed in 1.0.5-1) forky: resolved (fixed in 1.0.5-1) sid: resolved (fixed in 1.0.5-1) trixie: resolved (fixed in 1.0.5-1)

CVE-2017-15227 [HIGH] CVE-2017-15227: irssi - Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrect... Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on. Scope: local bookworm: resolved (fixed in 1.0.5-1) bullseye: resolved (fixed in 1.0.5-1) forky: resolved (fixed in 1.0.5-1) sid: resolved (fixed in 1.0.5-1) tr

CVE-2017-5194 [HIGH] CVE-2017-5194: irssi - Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to c... Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message. Scope: local bookworm: resolved (fixed in 0.8.21-1) bullseye: resolved (fixed in 0.8.21-1) forky: resolved (fixed in 0.8.21-1) sid: resolved (fixed in 0.8.21-1) trixie: resolved (fixed in 0.8.21-1)