Security vulnerabilities in version 0.2.6

This page lists all known and fixed security vulnerabilities in version 0.2.6 (back to the list of all versions).

Overview: 2 vulnerabilities

WSA CVE Score Severity Issue Vulnerability type Scope Versions Fix Release date
WSA-2011-1 CVE-2011-1428 5.3
Possible man-in-the-middle attack in TLS connection to IRC server. Improper certificate validation IRC 0.1.3 → 0.3.4 0.3.5
WSA-2009-1 CVE-2009-0661 7.5
Crash when receiving WeeChat color codes in IRC messages. Out-of-bounds read IRC 0.2.6 0.2.6.1

WSA-2011-1: [IRC] Possible man-in-the-middle attack in TLS connection to IRC server.

Vulnerability
CVE
CVE-2011-1428 [ MITRE / NVD ]
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (detail)
CVSS score
5.3 / 10
Severity
medium
Vulnerability type
Improper certificate validation (detail)
Scope
IRC
Affected versions
0.1.3 → 0.3.4
Fixed version
0.3.5 () - ChangeLog
Tracker
patch #7459
Commits
Commit
Description
Due to insufficient check of TLS certificate in IRC plugin, man-in-the-middle attackers can spoof a server via an arbitrary certificate.
Mitigation
There is no known mitigation.
The upgrade of WeeChat to the latest stable version is highly recommended.

WSA-2009-1: [IRC] Crash when receiving WeeChat color codes in IRC messages.

Vulnerability
CVE
CVE-2009-0661 [ MITRE / NVD ]
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (detail)
CVSS score
7.5 / 10
Severity
high
Vulnerability type
Out-of-bounds read (detail)
Scope
IRC
Affected versions
0.2.6
Fixed version
0.2.6.1 () - ChangeLog
Tracker
bug #25862
Commits
Commit
Description
A crash happens when receiving some WeeChat internal color codes in IRC messages.
Mitigation
There is no known mitigation.
The upgrade of WeeChat to the latest stable version is highly recommended.

GitHub Diaspora Mastodon Twitter

Copyright © 2003-2023 Sébastien HelleuAbout WeeChat.org — Theme: auto (dark, light)