Security vulnerabilities in version 0.2.6

This page lists all known and fixed security vulnerabilities in version 0.2.6.

Overview: 2 vulnerabilities

| WSA | CVE | Score | Severity | Issue | Scope | Vulnerability type | Versions | Fix | Release date |
|---|---|---|---|---|---|---|---|---|---|
| WSA-2011-1 | CVE-2011-1428 | 5.3 | | Possible man-in-the-middle attack in connection to IRC server. | IRC | Improper input validation | 0.1.3 → 0.3.4 | 0.3.5 | |
| WSA-2009-1 | CVE-2009-0661 | 7.5 | | Crash when receiving WeeChat color codes in IRC messages. | IRC | Out-of-bounds read | 0.2.6 | 0.2.6.1 | |

WSA-2011-1: [IRC] Possible man-in-the-middle attack in connection to IRC server.

Vulnerability
CVE: CVE-2011-1428
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS score: 5.3 / 10
Severity: medium
Vulnerability type: Improper input validation
Scope: IRC
Affected versions: 0.1.3 → 0.3.4
Fixed version: 0.3.5

Description
Because the IRC plugin does not sufficiently check the server's SSL certificate, man-in-the-middle attackers can spoof a server via an arbitrary certificate.

Mitigation
There is no known mitigation.
Upgrading WeeChat to the latest stable version is highly recommended.

WSA-2009-1: [IRC] Crash when receiving WeeChat color codes in IRC messages.

Vulnerability
CVE: CVE-2009-0661
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS score: 7.5 / 10
Severity: high
Vulnerability type: Out-of-bounds read
Scope: IRC
Affected versions: 0.2.6
Fixed version: 0.2.6.1

Description
WeeChat crashes when it receives some of its internal color codes in IRC messages.

Mitigation
There is no known mitigation.
Upgrading WeeChat to the latest stable version is highly recommended.