Security vulnerabilities in version 0.3.1.1

This page lists all known and fixed security vulnerabilities in version 0.3.1.1.

Overview: 5 vulnerabilities

| WSA | Score | Severity | Issue | Vulnerability type | Scope | Versions | Fix | Release date |
|---|---|---|---|---|---|---|---|---|
| WSA-2026-6 | 9.3 | critical | Write of DCC file received outside of configured download path. | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Xfer | 0.0.8 → 4.9.1 | 4.9.2 | |
| WSA-2024-1 | 3.8 | low | Integer overflow in loops on lists. | Integer Overflow or Wraparound | Core, Plugins | 0.1.6 → 4.4.1 | 4.4.2 | |
| WSA-2013-2 | 5.5 | medium | Crash on send of unknown commands to IRC server. | Access of uninitialized pointer | IRC | 0.3.0 → 0.4.0 | 0.4.1 | |
| WSA-2012-2 | 10.0 | critical | Remote execution of commands via scripts. | Improper input validation | API | 0.3.0 → 0.3.9.1 | 0.3.9.2 | |
| WSA-2011-1 | 5.3 | medium | Possible man-in-the-middle attack in TLS connection to IRC server. | Improper certificate validation | IRC | 0.1.3 → 0.3.4 | 0.3.5 | |

WSA-2026-6: [Xfer] Write of DCC file received outside of configured download path.

Vulnerability
CVE: Not available
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
CVSS score: 9.3 / 10
Severity: critical
Vulnerability type: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Scope: Xfer
Affected versions: 0.0.8 → 4.9.1
Fixed version: 4.9.2
Description
When receiving a DCC file, the filename built contains the remote nick (the option xfer.file.use_nick_in_filename is on by default).
If the nick contains special characters, the file could be written outside of the configured download path.
Xfer never overwrites existing files, so if a file exists with the same name, a suffix like ".1" is appended to the filename.
Mitigation
Turn off option to include nick in filename: /set xfer.file.use_nick_in_filename off.
Credit
The issue was discovered by aizu-m.
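
An added example, not WeeChat's own code or its fix: one way to build the download path so that a remote-supplied nick or filename cannot leave the download directory. The `<dir>/<nick>.<file>` layout, the function names and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy one path component, neutralising anything that can change directory. */
static void sanitize_component(const char *in, char *out, size_t size)
{
    size_t i = 0;
    for (; *in && i + 1 < size; in++) {
        unsigned char c = (unsigned char)*in;
        out[i++] = (c == '/' || c == '\\' || c < 0x20 || c == 0x7f) ? '_' : (char)c;
    }
    if (i == 0 && size > 1) out[i++] = '_';   /* never an empty component */
    out[i] = '\0';
    if (out[0] == '.') out[0] = '_';          /* no ".", ".." or dotfiles */
}

/* Build "<dir>/<nick>.<file>" (assumed layout). Returns 0, or -1 if truncated. */
int build_dcc_path(const char *dir, const char *nick, const char *file,
                   int use_nick, char *out, size_t size)
{
    char safe_nick[64], safe_file[256];
    int n;
    sanitize_component(file, safe_file, sizeof(safe_file));
    if (use_nick) {
        sanitize_component(nick, safe_nick, sizeof(safe_nick));
        n = snprintf(out, size, "%s/%s.%s", dir, safe_nick, safe_file);
    } else {
        n = snprintf(out, size, "%s/%s", dir, safe_file);
    }
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

/* Last check before opening the file: path is exactly one component below dir. */
int path_stays_in_dir(const char *dir, const char *path)
{
    size_t len = strlen(dir);
    if (strncmp(path, dir, len) != 0 || path[len] != '/') return 0;
    const char *name = path + len + 1;
    return name[0] != '\0' && strchr(name, '/') == NULL
        && strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

int main(void)
{
    char path[512];   /* constructed input: a nick carrying path separators */
    if (build_dcc_path("/home/user/dl", "../../tmp/x", "notes.txt", 1, path, sizeof(path)) == 0)
        printf("%s inside=%d\n", path, path_stays_in_dir("/home/user/dl", path));
    return 0;
}
```

The containment check is lexical only: it does not resolve symbolic links inside the download directory.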

WSA-2024-1: [Core, Plugins] Integer overflow in loops on lists.

Vulnerability
CVE: CVE-2024-46613
CVSS vector: AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
CVSS score: 3.8 / 10
Severity: low
Vulnerability type: Integer Overflow or Wraparound
Scope: Core, Plugins
Affected versions: 0.1.6 → 4.4.1
Fixed version: 4.4.2
Description
An integer overflow can happen when looping over items in a list.
This can only happen in rare conditions on 32-bit and 64-bit systems, as the list must contain more than 2,147,483,647 elements.
On 16-bit systems, this happens with a list that contains more than 32,767 elements.
Mitigation
There is no known mitigation.
Upgrading to the latest stable version is highly recommended.
Credit
The issue was discovered by Yiheng Cao.

WSA-2013-2: [IRC] Crash on send of unknown commands to IRC server.

Vulnerability
CVE: Not available
CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS score: 5.5 / 10
Severity: medium
Vulnerability type: Access of uninitialized pointer
Scope: IRC
Affected versions: 0.3.0 → 0.4.0
Fixed version: 0.4.1
Tracker: Not available
Description
Strings are built with an uncontrolled format when unknown IRC commands are sent to the server, if the option irc.network.send_unknown_commands is enabled.
Mitigation
There are multiple ways to mitigate this issue:

WSA-2012-2: [API] Remote execution of commands via scripts.

Vulnerability
CVE: CVE-2012-5534
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS score: 10.0 / 10
Severity: critical
Vulnerability type: Improper input validation
Scope: API
Affected versions: 0.3.0 → 0.3.9.1
Fixed version: 0.3.9.2
Description
An untrusted command passed to the function hook_process could lead to execution of commands because of shell expansions (so the problem is only caused by some scripts, not by WeeChat itself).
Mitigation
Remove/unload all scripts calling the API function hook_process.

WSA-2011-1: [IRC] Possible man-in-the-middle attack in TLS connection to IRC server.

Vulnerability
CVE: CVE-2011-1428
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS score: 5.3 / 10
Severity: medium
Vulnerability type: Improper certificate validation
Scope: IRC
Affected versions: 0.1.3 → 0.3.4
Fixed version: 0.3.5
Description
Due to insufficient checking of the TLS certificate in the IRC plugin, man-in-the-middle attackers can spoof a server via an arbitrary certificate.
Mitigation
There is no known mitigation.
Upgrading to the latest stable version is highly recommended.