Overview: 1 vulnerability

WSA CVE Score Severity Issue Vulnerability type Scope Versions Fix Release date
WSA-2013-3 - 7.5
Crash on IRC commands sent via Relay. Access of uninitialized pointer Relay 0.3.8 → 0.4.0 0.4.1

WSA-2013-3: [Relay] Crash on IRC commands sent via Relay.

Vulnerability
CVE
Not available
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (detail)
CVSS score
7.5 / 10
Severity
high
Vulnerability type
Access of uninitialized pointer (detail)
Scope
Relay
Affected versions
0.3.8 → 0.4.0
Fixed version
0.4.1 () - ChangeLog
Tracker
Not available
Commits
Commit
Description
Strings are built with uncontrolled format when IRC commands are redirected by relay plugin. If the output or redirected command contains formatting chars like "%", this can lead to a crash of WeeChat.
Mitigation
You can remove all relays of type "irc", see /help relay.

GitHub Mastodon Diaspora Twitter

Copyright © 2003-2024 Sébastien HelleuAbout WeeChat.org — Theme: dark (light)