In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.