Overview: 1 vulnerability
| WSA | CVE | Score | Severity | Issue | Vulnerability type | Scope | Versions | Fix | Release date |
|---|---|---|---|---|---|---|---|---|---|
| WSA-2017-1 | CVE-2017-8073 | 7.5 | | Buffer overflow when receiving a DCC file. | Out-of-bounds write | IRC | 0.3.3 → 1.7 | 1.7.1 | |
WSA-2017-1: [IRC] Buffer overflow when receiving a DCC file.
Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected versions
0.3.3 → 1.7
Description
Buffer overflow when removing quotes in DCC filename.
Mitigation
With WeeChat ≥ 1.1, you can create a trigger:
/trigger add irc_dcc_quotes modifier "irc_in_privmsg" "${arguments} =~ ^[^ ]+ :${\x01}DCC SEND ${\x22} " "/.*//"
With any older version, there is no simple mitigation; you must upgrade WeeChat.
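The trigger blanks any incoming PRIVMSG whose arguments match its condition: a DCC SEND whose file name field starts with a double quote followed by a space. The following is an added example, not WeeChat code, that applies the same condition to raw IRC lines so you can see which messages the trigger drops and which it lets through; the function names and the sample traffic are constructed for illustration.

```python
import re

# Same pattern as the trigger condition: "<target> :\x01DCC SEND " followed by
# a double quote and a space. Case-insensitive matching is a conservative
# choice made for this example.
TRIGGER_RE = re.compile(r'^[^ ]+ :\x01DCC SEND " ', re.IGNORECASE)


def split_irc_line(line):
    """Return (prefix, command, arguments) for one raw IRC line."""
    line = line.rstrip("\r\n")
    if line.startswith("@"):            # skip IRCv3 message tags
        _, _, line = line.partition(" ")
    prefix = ""
    if line.startswith(":"):            # optional ":nick!user@host" prefix
        prefix, _, line = line[1:].partition(" ")
    command, _, arguments = line.lstrip(" ").partition(" ")
    return prefix, command.upper(), arguments


def would_be_dropped(line):
    """True if the trigger's condition matches this message."""
    _, command, arguments = split_irc_line(line)
    return command == "PRIVMSG" and bool(TRIGGER_RE.search(arguments))


def scan(lines):
    """Yield (line_number, sender_nick) for each message the trigger would drop."""
    for number, line in enumerate(lines, start=1):
        if would_be_dropped(line):
            prefix, _, _ = split_irc_line(line)
            yield number, prefix.split("!", 1)[0]


# Constructed sample traffic (nicks, hosts and file names are made up).
SAMPLE = [
    ":alice!a@host.example PRIVMSG bob :\x01DCC SEND notes.txt 3232235777 5000 1024\x01",
    ':alice!a@host.example PRIVMSG bob :\x01DCC SEND "my notes.txt" 3232235777 5000 1024\x01',
    ':carol!c@host.example PRIVMSG bob :\x01DCC SEND " notes.txt" 3232235777 5000 1024\x01',
    ":dave!d@host.example PRIVMSG #chan :has anyone used DCC SEND \" lately?",
    ':erin!e@host.example NOTICE bob :\x01DCC SEND " notes.txt" 3232235777 5000 1024\x01',
]

if __name__ == "__main__":
    for number, sender in scan(SAMPLE):
        print(f"line {number}: message from {sender} matches the trigger condition")
```

Ordinary quoted file names such as "my notes.txt" do not match, so the trigger leaves normal DCC transfers alone.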
Credit
The issue was discovered by Tobias Stoeckmann.