Security vulnerabilities in version 3.2

This page lists all known and fixed security vulnerabilities in version 3.2 (back to the list of all versions).

Overview: 2 vulnerabilities

WSA CVE Score Severity Issue Scope Vulnerability type Versions Fix Release date
WSA-2022-1 CVE-2022-28352 4.3
Possible man-in-the-middle attack in TLS connection to servers. IRC, Plugins Improper certificate validation 3.2 → 3.4 3.4.1
WSA-2021-1 CVE-2021-40516 7.5
Crash on malformed websocket frame in relay plugin. Relay Out-of-bounds read 0.4.1 → 3.2 3.2.1

WSA-2022-1: [IRC, Plugins] Possible man-in-the-middle attack in TLS connection to servers.

Vulnerability
CVE
CVE-2022-28352 [ MITRE / NVD ]
CVSS vector
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (detail)
CVSS score
4.3 / 10
Severity
medium
Vulnerability type
Improper certificate validation (detail)
Scope
IRC, Plugins
Affected versions
3.2 → 3.4
Fixed version
3.4.1 () - ChangeLog
Tracker
Commits
Description
After changing the options weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user, the TLS verification function is lost.
Consequently, any connection to a server with TLS is made without verifying the certificate, which could lead to a man-in-the-middle attack.
Connection to IRC servers with TLS is affected, as well as any connection a server made by a plugin or a script using the function hook_connect.
Mitigation
After changing options weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user, you must restart WeeChat.

WSA-2021-1: [Relay] Crash on malformed websocket frame in relay plugin.

Vulnerability
CVE
CVE-2021-40516 [ MITRE / NVD ]
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (detail)
CVSS score
7.5 / 10
Severity
high
Vulnerability type
Out-of-bounds read (detail)
Scope
Relay
Affected versions
0.4.1 → 3.2
Fixed version
3.2.1 () - ChangeLog
Tracker
Not available
Commits
Description
A crash happens when decoding a malformed websocket frame in relay plugin.
This happens even if a password is set in relay plugin, the malformed websocket frame can be received before the authentication of the client.
Mitigation
There are multiple ways to mitigate this issue:
Credit
The issue was discovered by Stuart Nevans Locke.