WeeChat :: documentation

Security vulnerabilities in version 0.3.1

This page lists all known and fixed security vulnerabilities in version 0.3.1 (back to the list of all versions).

Overview: 3 vulnerabilities

WSA	CVE	Score	Issue	Vulnerability type	Scope	Versions	Fix	Release date
WSA-2013-2	-	5.5	Crash on send of unknown commands to IRC server.	Access of uninitialized pointer	IRC	0.3.0 → 0.4.0	0.4.1	May 20, 2013
WSA-2012-2	CVE-2012-5534	10.0	Remote execution of commands via scripts.	Improper input validation	API	0.3.0 → 0.3.9.1	0.3.9.2	Nov 18, 2012
WSA-2011-1	CVE-2011-1428	5.3	Possible man-in-the-middle attack in TLS connection to IRC server.	Improper certificate validation	IRC	0.1.3 → 0.3.4	0.3.5	May 15, 2011

WSA-2013-2: [IRC] Crash on send of unknown commands to IRC server.

Vulnerability

CVE

Not available

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (detail)

CVSS score

5.5 / 10

Severity

medium

Vulnerability type

Access of uninitialized pointer (detail)

Scope

IRC

Affected versions

0.3.0 → 0.4.0

Fixed version

0.4.1 (May 20, 2013) - ChangeLog

Tracker

Not available

Commits

Description

Strings are built with uncontrolled format when unknown IRC commands are sent to server, if option irc.network.send_unknown_commands is enabled.

Mitigation

There are multiple ways to mitigate this issue:

Turn off option to send unknown commands: /set irc.network.send_unknown_commands off
Do not use formatting chars like "%" when sending unknown commands to server.

WSA-2012-2: [API] Remote execution of commands via scripts.

Vulnerability

CVE

CVE-2012-5534 [ MITRE / NVD ]

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (detail)

CVSS score

10.0 / 10

Severity

critical

Vulnerability type

Improper input validation (detail)

Scope

API

Affected versions

0.3.0 → 0.3.9.1

Fixed version

0.3.9.2 (Nov 18, 2012) - ChangeLog

Tracker

bug #37764

Commits

Description

Untrusted command for function hook_process could lead to execution of commands, because of shell expansions (so the problem is only caused by some scripts, not by WeeChat itself).

Mitigation

Remove/unload all scripts calling the API function hook_process.

WSA-2011-1: [IRC] Possible man-in-the-middle attack in TLS connection to IRC server.

Vulnerability

CVE

CVE-2011-1428 [ MITRE / NVD ]

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (detail)

CVSS score

5.3 / 10

Severity

medium

Vulnerability type

Improper certificate validation (detail)

Scope

IRC

Affected versions

0.1.3 → 0.3.4

Fixed version

0.3.5 (May 15, 2011) - ChangeLog

Tracker

patch #7459

Commits

Description

Due to insufficient check of TLS certificate in IRC plugin, man-in-the-middle attackers can spoof a server via an arbitrary certificate.

Mitigation

There is no known mitigation.
The upgrade of WeeChat to the latest stable version is highly recommended.