Overview: 1 vulnerability

| WSA | CVE | Score | Severity | Issue | Scope | Vulnerability type | Versions | Fix | Release date |
|---|---|---|---|---|---|---|---|---|---|
| WSA-2013-1 | - | 5.5 | medium | Crash on nicks monitored with /notify. | IRC | Access of uninitialized pointer | 0.3.6 → 0.4.0 | 0.4.1 | |

WSA-2013-1: [IRC] Crash on nicks monitored with /notify.

Vulnerability
CVE: Not available
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS score: 5.5 / 10
Severity: medium
Vulnerability type: Access of uninitialized pointer
Scope: IRC
Affected versions: 0.3.6 → 0.4.0
Fixed version: 0.4.1
Tracker: Not available
Commits
Description
Strings are built with an uncontrolled format string when nicks containing "%" are monitored with the /notify command.
Mitigation
Do not use the /notify command with nicks containing formatting characters such as "%".
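
The bug class named in the description, as an added example that is not WeeChat's code: a nick must only ever be passed as an argument to a literal format, never become part of the format itself. All function names here (including `log_printf` in the comment) are hypothetical, and the sample nick is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration; names are hypothetical, not WeeChat's code.
 *
 * Unsafe two-stage pattern (kept as a comment so it is never executed):
 *     snprintf(tmp, sizeof(tmp), "notify: %s is online", nick);
 *     log_printf(tmp);   // tmp is now the format; '%' from nick is parsed
 */

/* Mitigation check from the advisory: does the nick contain '%'? */
int nick_has_format_chars(const char *nick)
{
    return strchr(nick, '%') != NULL;
}

/* Safe: the format is a literal and the nick is only ever an argument.
 * Returns 0 on success, -1 if the message did not fit in the buffer. */
int build_notify_msg(char *out, size_t size, const char *nick, int online)
{
    int n = snprintf(out, size, "notify: %s is %s", nick,
                     online ? "online" : "offline");
    return (n >= 0 && (size_t)n < size) ? 0 : -1;
}

/* For callers that must hand text to a printf-style API: double every '%'
 * so it is printed literally. Returns 0 on success, -1 on truncation. */
int escape_percent(char *out, size_t size, const char *in)
{
    size_t o = 0;
    if (size == 0)
        return -1;
    for (; *in != '\0'; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (o + need >= size)       /* keep one byte for the terminator */
            return -1;
        if (*in == '%')
            out[o++] = '%';
        out[o++] = *in;
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char msg[64];
    if (build_notify_msg(msg, sizeof(msg), "joe%s%n", 1) == 0) /* constructed nick */
        puts(msg);
    return 0;
}
```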