Overview: 1 vulnerability

WSA CVE Score Severity Issue Vulnerability type Scope Versions Fix Release date
WSA-2025-4 - 7.0
Buffer overflow in parsing of date/time. Out-of-bounds write Core 4.2.0 → 4.6.2 4.6.3

WSA-2025-4: [Core] Buffer overflow in parsing of date/time.

Vulnerability
CVE
Not available
CVSS vector
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C (detail)
CVSS score
7.0 / 10
Severity
high
Vulnerability type
Out-of-bounds write (detail)
Scope
Core
Affected versions
4.2.0 → 4.6.2
Fixed version
4.6.3 () - ChangeLog
Tracker
Not available
Commits
Commit
Description
Buffer overflow in function util_parse_time when the received date/time has no date and a length of 117 or more chars.
It can be an issue in IRC plugin, where the "time" tag received in IRC messages is parsed using this function.
Mitigation
There is no known mitigation.
The upgrade to the latest stable version is highly recommended.

GitHub Mastodon Diaspora X

Copyright © 2003-2025 Sébastien HelleuAbout WeeChat.org — Theme: dark (light)