Security vulnerabilities in version 0.3.1

This page lists all known and fixed security vulnerabilities in version 0.3.1 (back to the list of all versions).

Overview: 3 vulnerabilities

WSA CVE Score Severity Issue Scope Vulnerability type Versions Fix Release date
WSA-2013-2 - 5.5
Crash on send of unknown commands to IRC server. IRC Access of uninitialized pointer 0.3.0 → 0.4.0 0.4.1
WSA-2012-2 CVE-2012-5534 10.0
Remote execution of commands via scripts. API Improper input validation 0.3.0 → 0.3.9.1 0.3.9.2
WSA-2011-1 CVE-2011-1428 5.3
Possible man-in-the-middle attack in connection to IRC server. IRC Improper input validation 0.1.3 → 0.3.4 0.3.5

WSA-2013-2: [IRC] Crash on send of unknown commands to IRC server.

Vulnerability
CVE
Not assigned
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (detail)
CVSS score
5.5 / 10
Severity
medium
Vulnerability type
Access of uninitialized pointer (detail)
Scope
IRC
Affected versions
0.3.0 → 0.4.0
Fixed version
0.4.1 () - ChangeLog
Tracker
Not available
Commits
Description
Strings are built with uncontrolled format when unknown IRC commands are sent to server (if option "irc.network.send_unknown_commands" is enabled).
Mitigation
There are multiple ways to mitigate this issue:

WSA-2012-2: [API] Remote execution of commands via scripts.

Vulnerability
CVE
CVE-2012-5534 [ MITRE / NVD ]
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (detail)
CVSS score
10.0 / 10
Severity
critical
Vulnerability type
Improper input validation (detail)
Scope
API
Affected versions
0.3.0 → 0.3.9.1
Fixed version
0.3.9.2 () - ChangeLog
Tracker
Commits
Description
Untrusted command for function hook_process could lead to execution of commands, because of shell expansions (so the problem is only caused by some scripts, not by WeeChat itself).
Mitigation
Remove/unload all scripts calling the API function hook_process.

WSA-2011-1: [IRC] Possible man-in-the-middle attack in connection to IRC server.

Vulnerability
CVE
CVE-2011-1428 [ MITRE / NVD ]
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (detail)
CVSS score
5.3 / 10
Severity
medium
Vulnerability type
Improper input validation (detail)
Scope
IRC
Affected versions
0.1.3 → 0.3.4
Fixed version
0.3.5 () - ChangeLog
Tracker
Commits
Description
Due to insufficient check of SSL certificate in IRC plugin, man-in-the-middle attackers can spoof a server via an arbitrary certificate.
Mitigation
There is no known mitigation.
The upgrade of WeeChat to the latest stable version is highly recommended.