Overview: 1 vulnerability

| WSA | CVE | Score | Severity | Issue | Scope | Vulnerability type | Versions | Fix | Release date |
|---|---|---|---|---|---|---|---|---|---|
| WSA-2013-3 | - | 7.5 | high | Crash on IRC commands sent via Relay. | Relay | Access of uninitialized pointer | 0.3.8 → 0.4.0 | 0.4.1 | |

WSA-2013-3: [Relay] Crash on IRC commands sent via Relay.

Vulnerability
CVE: Not available
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS score: 7.5 / 10
Severity: high
Vulnerability type: Access of uninitialized pointer
Scope: Relay
Affected versions: 0.3.8 → 0.4.0
Fixed version: 0.4.1
Tracker: Not available
Commits
Description
Strings are built with an uncontrolled format when IRC commands are redirected by the relay plugin. If the output of the redirected command contains formatting characters like "%", this can lead to a crash of WeeChat.
Mitigation
You can remove all relays of type "irc" (see /help relay).
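The bug class named in the description, shown as an added C example (not WeeChat's code): the same redirected line forwarded once as the format string and once as an argument to a constant format, plus a "%" escaper for call sites that can only pass a format. The names `relay_sendf`, `forward_unsafe`, `forward_safe` and `escape_percent` are hypothetical, and the sample IRC line is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical relay output function that takes a printf-style format. */
int relay_sendf(char *out, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, size, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable: IRC-side text is the format; a "%s" in it reads missing args. */
int forward_unsafe(char *out, size_t size, const char *irc_line)
{
    return relay_sendf(out, size, irc_line);
}

/* Hardened pattern: constant format, untrusted text only as an argument. */
int forward_safe(char *out, size_t size, const char *irc_line)
{
    return relay_sendf(out, size, "%s", irc_line);
}

/* Doubles every '%' so text can be passed as a format; -1 if dst too small. */
int escape_percent(char *dst, size_t size, const char *src)
{
    size_t j = 0;
    if (size == 0)
        return -1;
    for (size_t i = 0; src[i] != '\0'; i++) {
        if (j + (src[i] == '%' ? 2 : 1) >= size)
            return -1;
        if (src[i] == '%')
            dst[j++] = '%';
        dst[j++] = src[i];
    }
    dst[j] = '\0';
    return (int)j;
}

int main(void)
{
    char out[128];
    forward_safe(out, sizeof out, "PRIVMSG #chan :load is 100%s"); /* constructed */
    puts(out);
}
```

Building with `-Wformat -Wformat-security` flags the unsafe pattern at compile time when the output function is declared with GCC's `format(printf, ...)` attribute.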