Security vulnerabilities in version 0.1.3

This page lists all known and fixed security vulnerabilities in version 0.1.3 (back to the list of all versions).

Overview: 2 vulnerabilities

WSA CVE Score Severity Issue Vulnerability type Scope Versions Fix Release date
WSA-2011-1 CVE-2011-1428 5.3
Possible man-in-the-middle attack in TLS connection to IRC server. Improper certificate validation IRC 0.1.3 → 0.3.4 0.3.5
WSA-2006-1 - 6.2
Crash in API function infobar_printf. Access of uninitialized pointer API 0.0.5 → 0.1.6 0.1.7

WSA-2011-1: [IRC] Possible man-in-the-middle attack in TLS connection to IRC server.

Vulnerability
CVE
CVE-2011-1428 [ MITRE / NVD ]
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (detail)
CVSS score
5.3 / 10
Severity
medium
Vulnerability type
Improper certificate validation (detail)
Scope
IRC
Affected versions
0.1.3 → 0.3.4
Fixed version
0.3.5 () - ChangeLog
Tracker
Commits
Description
Due to insufficient check of TLS certificate in IRC plugin, man-in-the-middle attackers can spoof a server via an arbitrary certificate.
Mitigation
There is no known mitigation.
The upgrade to the latest stable version is highly recommended.

WSA-2006-1: [API] Crash in API function infobar_printf.

Vulnerability
CVE
Not available
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (detail)
CVSS score
6.2 / 10
Severity
medium
Vulnerability type
Access of uninitialized pointer (detail)
Scope
API
Affected versions
0.0.5 → 0.1.6
Fixed version
0.1.7 () - ChangeLog
Tracker
Not available
Description
Strings are built with uncontrolled format in API function infobar_printf.
Mitigation
Remove/unload all scripts calling the API function infobar_printf.