Overview: 1 vulnerability

WSA Score Severity Issue Vulnerability type Scope Versions Fix Release date
WSA-2026-3 6.5
Missing size limit for the unterminated IRC message or isupport value (message 005). Memory Allocation with Excessive Size Value IRC 0.3.3 → 4.9.1 4.9.2

WSA-2026-3: [IRC] Missing size limit for the unterminated IRC message or isupport value (message 005).

Vulnerability
CVE
Not available
CVSS vector
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (detail)
CVSS score
6.5 / 10
Severity
medium
Vulnerability type
Memory Allocation with Excessive Size Value (detail)
Scope
IRC
Affected versions
0.3.3 → 4.9.1
Fixed version
4.9.2 () - ChangeLog
Tracker
Not available
Commits
Commit Commit
Description
When receiving data on the socket, the IRC plugin builds a partial message until "\r\n" is found.
There is no limit for the allocated message.
A malicious server sending large amount of data without end of message ("\r\n") can lead to memory exhaustion and the WeeChat process can be killed by the OOM killer.
Mitigation
There is no known mitigation.
The upgrade to the latest stable version is highly recommended.

GitHub Mastodon X

Copyright © 2003-2026 Sébastien HelleuAbout WeeChat.org — Theme: dark (light)