Security vulnerabilities in version 0.1.3
This page lists all known and fixed security vulnerabilities in version 0.1.3 (back to the list of all versions).
Overview: 2 vulnerabilities
WSA |
CVE |
Score |
Severity |
Issue |
Vulnerability type |
Scope |
Versions |
Fix |
Release date |
WSA-2011-1 |
CVE-2011-1428 |
5.3 |
|
Possible man-in-the-middle attack in TLS connection to IRC server. |
Improper certificate validation |
IRC |
0.1.3 → 0.3.4 |
0.3.5 |
|
WSA-2006-1 |
- |
6.2 |
|
Crash in API function infobar_printf. |
Access of uninitialized pointer |
API |
0.0.5 → 0.1.6 |
0.1.7 |
|
WSA-2011-1: [IRC] Possible man-in-the-middle attack in TLS connection to IRC server.
Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
(
detail)
Improper certificate validation
(
detail)
Affected versions
0.1.3 → 0.3.4
Description
Due to insufficient check of TLS certificate in IRC plugin, man-in-the-middle attackers can spoof a server via an arbitrary certificate.
Mitigation
There is no known mitigation.
The upgrade to the latest stable version is highly recommended.
WSA-2006-1: [API] Crash in API function infobar_printf.
Vulnerability
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
(
detail)
Access of uninitialized pointer
(
detail)
Affected versions
0.0.5 → 0.1.6
Description
Strings are built with uncontrolled format in API function infobar_printf.
Mitigation
Remove/unload all scripts calling the API function infobar_printf.