Security vulnerabilities in version 0.3.3
This page lists all known and fixed security vulnerabilities in version 0.3.3.
Overview: 5 vulnerabilities
| WSA | CVE | Score | Severity | Issue | Vulnerability type | Scope | Versions | Fix | Release date |
|---|---|---|---|---|---|---|---|---|---|
| WSA-2017-2 | CVE-2017-14727 | 7.5 | | Use of invalid pointer in build of log filename. | Access of uninitialized pointer | Logger | 0.3.2 → 1.9 | 1.9.1 | Sep 23, 2017 |
| WSA-2017-1 | CVE-2017-8073 | 7.5 | | Buffer overflow when receiving a DCC file. | Out-of-bounds write | IRC | 0.3.3 → 1.7 | 1.7.1 | Apr 22, 2017 |
| WSA-2013-2 | - | 5.5 | | Crash on send of unknown commands to IRC server. | Access of uninitialized pointer | IRC | 0.3.0 → 0.4.0 | 0.4.1 | May 20, 2013 |
| WSA-2012-2 | CVE-2012-5534 | 10.0 | | Remote execution of commands via scripts. | Improper input validation | API | 0.3.0 → 0.3.9.1 | 0.3.9.2 | Nov 18, 2012 |
| WSA-2011-1 | CVE-2011-1428 | 5.3 | | Possible man-in-the-middle attack in TLS connection to IRC server. | Improper certificate validation | IRC | 0.1.3 → 0.3.4 | 0.3.5 | May 15, 2011 |
WSA-2017-2 : [Logger] Use of invalid pointer in build of log filename.
Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access of uninitialized pointer
Affected versions
0.3.2 → 1.9
Description
Date/time conversion specifiers are expanded after buffer local variables are replaced in the name of log files. In some cases, this can lead to an error in the function strftime and a crash caused by the use of an uninitialized buffer.
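The following C code is an added example, not WeeChat's code. It shows one defensive way to build such a filename: expand date/time specifiers on the configured mask first, substitute the buffer-derived name afterwards, and treat a zero return from strftime as a failure. The function name, the "$name" placeholder and the buffer sizes are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper (not WeeChat code): build a log filename from a mask
 * such as "$name.%Y-%m-%d.log"; the "$name" placeholder is an assumption.
 * Returns 0 on success, -1 on failure; on failure out is an empty string. */
int build_log_filename(const char *mask, const char *name, time_t when,
                       char *out, size_t out_size)
{
    char dated[256] = { 0 };   /* initialized, never read as garbage */
    const struct tm *tm_utc;
    const char *pos;
    int n;

    if (!mask || !name || !out || out_size == 0)
        return -1;
    out[0] = '\0';
    tm_utc = gmtime(&when);
    if (!tm_utc)
        return -1;
    /* Step 1: expand date/time specifiers on the configured mask only.
     * strftime returns 0 when the result does not fit (buffer contents are
     * then indeterminate), so 0 for a non-empty mask is treated as failure. */
    if (mask[0] && strftime(dated, sizeof(dated), mask, tm_utc) == 0)
        return -1;

    /* Step 2: substitute the buffer-derived name afterwards, so any '%' in
     * it is copied literally and never interpreted by strftime. */
    pos = strstr(dated, "$name");
    if (!pos)
        n = snprintf(out, out_size, "%s", dated);
    else
        n = snprintf(out, out_size, "%.*s%s%s", (int)(pos - dated), dated,
                     name, pos + strlen("$name"));
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';         /* truncated result: report it, do not use it */
        return -1;
    }
    return 0;
}

int main(void)
{
    char out[128];   /* constructed sample: epoch 0, name containing '%' */
    if (build_log_filename("$name.%Y.log", "a%Yb", (time_t)0, out, sizeof(out)) == 0)
        puts(out);
    return 0;
}
```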
Mitigation
You can unload the logger plugin, thus stopping recording of all buffers:
/plugin unload logger
Credit
The issue was discovered by Joseph Bisch.
WSA-2017-1 : [IRC] Buffer overflow when receiving a DCC file.
Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected versions
0.3.3 → 1.7
Description
Buffer overflow when removing quotes in DCC filename.
Mitigation
With WeeChat ≥ 1.1, you can create a trigger:
/trigger add irc_dcc_quotes modifier "irc_in_privmsg" "${arguments} =~ ^[^ ]+ :${\x01}DCC SEND ${\x22} " "/.*//"
With any older version, there is no simple mitigation: you must upgrade WeeChat.
Credit
The issue was discovered by Tobias Stoeckmann.
WSA-2013-2 : [IRC] Crash on send of unknown commands to IRC server.
Vulnerability
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Access of uninitialized pointer
Affected versions
0.3.0 → 0.4.0
Description
Strings are built with uncontrolled format when unknown IRC commands are sent to server, if option irc.network.send_unknown_commands is enabled.
Mitigation
There are multiple ways to mitigate this issue:
Turn off option to send unknown commands: /set irc.network.send_unknown_commands off
Do not use formatting chars like "%" when sending unknown commands to server.
WSA-2012-2 : [API] Remote execution of commands via scripts.
Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Improper input validation
Affected versions
0.3.0 → 0.3.9.1
Description
Untrusted command for function hook_process could lead to execution of commands, because of shell expansions (so the problem is only caused by some scripts, not by WeeChat itself).
Mitigation
Remove/unload all scripts calling the API function hook_process.
WSA-2011-1 : [IRC] Possible man-in-the-middle attack in TLS connection to IRC server.
Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Improper certificate validation
Affected versions
0.1.3 → 0.3.4
Description
Due to an insufficient check of the TLS certificate in the IRC plugin, man-in-the-middle attackers can spoof a server via an arbitrary certificate.
Mitigation
There is no known mitigation.
The upgrade of WeeChat to the latest stable version is highly recommended.