FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
e78261e4-803d-11e6-a590-14dae9d210b8irssi -- heap corruption and missing boundary checks

Irssi reports:

Remote crash and heap corruption. Remote code execution seems difficult since only Nuls are written.


Discovery 2016-09-21
Entry 2016-09-21
Modified 2016-09-22
irssi
zh-irssi
ge 0.8.17 lt 0.8.20

https://irssi.org/security/irssi_sa_2016.txt
CVE-2016-7044
CVE-2016-7045
165e8951-4be0-11e7-a539-0050569f7e80irssi -- remote DoS

Joseph Bisch reports:

When receiving a DCC message without source nick/host, Irssi would attempt to dereference a NULL pointer.

When receiving certain incorrectly quoted DCC files, Irssi would try to find the terminating quote one byte before the allocated memory.


Discovery 2017-06-06
Entry 2017-06-08
irssi
< 1.0.3

CVE-2017-9468
CVE-2017-9469
https://irssi.org/security/irssi_sa_2017_06.txt
85e2c7eb-b74b-11e7-8546-5cf3fcfdd1f1irssi -- multiple vulnerabilities

Irssi reports:

When installing themes with unterminated colour formatting sequences, Irssi may access data beyond the end of the string.

While waiting for the channel synchronisation, Irssi may incorrectly fail to remove destroyed channels from the query list, resulting in use after free conditions when updating the state later on.

Certain incorrectly formatted DCC CTCP messages could cause NULL pointer dereference.

Overlong nicks or targets may result in a NULL pointer dereference while splitting the message.

In certain cases Irssi may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.


Discovery 2017-10-10
Entry 2017-10-22
Modified 2017-12-31
irssi
< 1.0.5,1

https://irssi.org/security/irssi_sa_2017_10.txt
CVE-2017-15721
CVE-2017-15722
CVE-2017-15723
CVE-2017-15227
CVE-2017-15228
ports/223169
475f952c-9b29-11e9-a8a5-6805ca0b38e8irssi -- Use after free when sending SASL login to the server

Irssi reports:

Use after free when sending SASL login to the server found by ilbelkyr. (CWE-416, CWE-825)


Discovery 2019-06-29
Entry 2019-07-01
irssi
< 1.2.1,1

https://irssi.org/security/irssi_sa_2019_06.txt
CVE-2019-13045
a3764767-f31e-11e7-95f2-005056925db4irssi -- multiple vulnerabilities

Irssi reports:

When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer. Found by Joseph Bisch.

When using incomplete escape codes, Irssi may access data beyond the end of the string. Found by Joseph Bisch.

A calculation error in the completion code could cause a heap buffer overflow when completing certain strings. Found by Joseph Bisch.

When using an incomplete variable argument, Irssi may access data beyond the end of the string. Found by Joseph Bisch.


Discovery 2018-01-03
Entry 2018-01-06
irssi
< 1.0.6,1

https://irssi.org/security/irssi_sa_2018_01.txt
CVE-2018-5205
CVE-2018-5206
CVE-2018-5207
CVE-2018-5208
ports/224954
31001c6b-63e7-11e7-85aa-a4badb2f4699irssi -- multiple vulnerabilities

irssi reports:

When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.

While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in use-after-free conditions on each access of the hash table.


Discovery 2017-07-05
Entry 2017-07-08
irssi
< 1.0.4,1

https://irssi.org/security/irssi_sa_2017_07.txt
CVE-2017-10965
CVE-2017-10966
ports/220544
7afc5e56-156d-11e8-95f2-005056925db4irssi -- multiple vulnerabilities

Irssi reports:

Use after free when server is disconnected during netsplits. Found by Joseph Bisch.

Use after free when SASL messages are received in unexpected order. Found by Joseph Bisch.

Null pointer dereference when an “empty” nick has been observed by Irssi. Found by Joseph Bisch.

When the number of windows exceed the available space, Irssi would crash due to Null pointer dereference. Found by Joseph Bisch.

Certain nick names could result in out of bounds access when printing theme strings. Found by Oss-Fuzz.


Discovery 2018-02-15
Entry 2018-02-19
Modified 2018-02-22
irssi
< 1.1.1,1

https://irssi.org/security/irssi_sa_2018_02.txt
CVE-2018-7054
CVE-2018-7053
CVE-2018-7052
CVE-2018-7051
CVE-2018-7050
ports/226001
3d6be69b-d365-11e6-a071-001e67f15f5aIrssi -- multiple vulnerabilities

Irssi reports:

Five vulnerabilities have been located in Irssi

  • A NULL pointer dereference in the nickcmp function found by Joseph Bisch. (CWE-690)
  • Use after free when receiving invalid nick message (Issue #466, CWE-146)
  • Out of bounds read in certain incomplete control codes found by Joseph Bisch. (CWE-126)
  • Out of bounds read in certain incomplete character sequences found by Hanno Böck and independently by J. Bisch. (CWE-126)
  • Out of bounds read when Printing the value '%['. Found by Hanno Böck. (CWE-126)

These issues may result in denial of service (remote crash).


Discovery 2017-01-03
Entry 2017-01-05
Modified 2017-01-15
irssi
< 0.8.21

CVE-2017-5193
CVE-2017-5194
CVE-2017-5195
CVE-2017-5196
CVE-2017-5356
ports/215800
https://irssi.org/security/irssi_sa_2017_01.txt