Overview: 1 vulnerability

WSA CVE Score Severity Issue Scope Vulnerability type Versions Fix Release date
WSA-2017-1 CVE-2017-8073 7.5
Buffer overflow when receiving a DCC file. IRC Out-of-bounds write 0.3.3 → 1.7 1.7.1

WSA-2017-1: [IRC] Buffer overflow when receiving a DCC file.

Vulnerability
CVE
CVE-2017-8073 [ MITRE / NVD ]
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (detail)
CVSS score
7.5 / 10
Severity
high
Vulnerability type
Out-of-bounds write (detail)
Scope
IRC
Affected versions
0.3.3 → 1.7
Fixed version
1.7.1 () - ChangeLog
Tracker
Not available
Commits
Description
Buffer overflow when removing quotes in DCC filename.
Mitigation
With WeeChat ≥ 1.1, you can create a trigger:

/trigger add irc_dcc_quotes modifier "irc_in_privmsg" "${arguments} =~ ^[^ ]+ :${\x01}DCC SEND ${\x22} " "/.*//"

With any older version, there is no simple mitigation, you must upgrade WeeChat.
Credit
The issue was discovered by Tobias Stoeckmann.