Security vulnerabilities in version 0.0.8

This page lists all known and fixed security vulnerabilities in version 0.0.8 (back to the list of all versions).

Overview: 1 vulnerability

WSA CVE Score Severity Issue Vulnerability type Scope Versions Fix Release date
WSA-2006-1 - 6.2
Crash in API function infobar_printf. Access of uninitialized pointer API 0.0.5 → 0.1.6 0.1.7

WSA-2006-1: [API] Crash in API function infobar_printf.

Vulnerability
CVE
Not available
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (detail)
CVSS score
6.2 / 10
Severity
medium
Vulnerability type
Access of uninitialized pointer (detail)
Scope
API
Affected versions
0.0.5 → 0.1.6
Fixed version
0.1.7 () - ChangeLog
Tracker
Not available
Description
Strings are built with uncontrolled format in API function infobar_printf.
Mitigation
Remove/unload all scripts calling the API function infobar_printf.