Overview: 1 vulnerability

WSA CVE Score Severity Issue Vulnerability type Scope Versions Fix Release date
WSA-2013-1 - 5.5
Crash on nicks monitored with /notify. Access of uninitialized pointer IRC 0.3.6 → 0.4.0 0.4.1

WSA-2013-1: [IRC] Crash on nicks monitored with /notify.

Vulnerability
CVE
Not available
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (detail)
CVSS score
5.5 / 10
Severity
medium
Vulnerability type
Access of uninitialized pointer (detail)
Scope
IRC
Affected versions
0.3.6 → 0.4.0
Fixed version
0.4.1 () - ChangeLog
Tracker
Not available
Commits
Commit
Description
Strings are built with uncontrolled format when nicks containing "%" are monitored with command /notify.
Mitigation
Do not use command /notify with nicks containing formatting chars like "%".

GitHub Mastodon Diaspora Twitter

Copyright © 2003-2024 Sébastien HelleuAbout WeeChat.org — Theme: dark (light)