Overview: 1 vulnerability

| WSA | Score | Severity | Issue | Vulnerability type | Scope | Versions | Fix | Release date |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| WSA-2026-7 | 7.5 | high | Buffer overflow when receiving a line in a Xfer chat (DCC chat) buffer. | Out-of-bounds read | Xfer | 1.3 → 4.9.1 | 4.9.2 | |

WSA-2026-7: [Xfer] Buffer overflow when receiving a line in a Xfer chat (DCC chat) buffer.

Vulnerability
CVE
Not available
CVSS vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS score
7.5 / 10
Severity
high
Vulnerability type
Out-of-bounds read
Scope
Xfer
Affected versions
1.3 → 4.9.1
Fixed version
4.9.2
Description
An empty line received in Xfer chat (DCC chat) causes a read before the beginning of a buffer.
This can lead to a crash of WeeChat.
Mitigation
There is no known mitigation.
Upgrading to the latest stable version is highly recommended.
Credit
The issue was discovered by aizu-m.
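
The bug class named under Description, shown as an added illustration: this is not WeeChat's code, and the function names and sample input are assumptions made for the example. It shows how an empty line turns a trailing-CR check into a read before the start of the buffer, and a length-guarded form that handles empty lines.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Illustrative only, not WeeChat source. A common unsafe pattern in
 * line-based protocol handlers tests the last character of a line
 * without checking that the line is non-empty:
 *
 *     if (line[strlen(line) - 1] == '\r') ...
 *
 * For an empty line the length is 0, so "length - 1" addresses the
 * byte before the buffer: an out-of-bounds read.
 */

/* Guarded form: strip one trailing '\r' only when the line has at
 * least one character. Returns the resulting length. */
size_t strip_trailing_cr(char *line)
{
    size_t length = strlen(line);
    if (length > 0 && line[length - 1] == '\r')
        line[--length] = '\0';
    return length;
}

/* Split a NUL-terminated receive buffer on '\n' (modified in place)
 * and count the lines that still have content after CR stripping.
 * Empty lines ("\n" or "\r\n" alone) are skipped without any access
 * outside the buffer. Simplified: a real receiver would keep an
 * unterminated trailing fragment for the next read. */
size_t count_nonempty_lines(char *buf)
{
    size_t count = 0;
    char *ptr = buf, *next;
    while (ptr) {
        next = strchr(ptr, '\n');
        if (next)
            *next++ = '\0';
        if (strip_trailing_cr(ptr) > 0)
            count++;
        ptr = next;
    }
    return count;
}

int main(void)
{
    char sample[] = "hello\r\n\n\r\nworld\n"; /* constructed input */
    printf("%zu non-empty lines\n", count_nonempty_lines(sample));
    return 0;
}
```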