Security vulnerabilities in version 0.1.6
This page lists all known and fixed security vulnerabilities in version 0.1.6 (back to the list of all versions ).
Overview: 3 vulnerabilities
WSA
CVE
Score
Severity
Issue
Vulnerability type
Scope
Versions
Fix
Release date
WSA-2024-1
CVE-2024-46613
3.8
Integer overflow in loops on lists.
Integer Overflow or Wraparound
Core, Plugins
0.1.6 → 4.4.1
4.4.2
Sep 8, 2024
WSA-2011-1
CVE-2011-1428
5.3
Possible man-in-the-middle attack in TLS connection to IRC server.
Improper certificate validation
IRC
0.1.3 → 0.3.4
0.3.5
May 15, 2011
WSA-2006-1
-
6.2
Crash in API function infobar_printf.
Access of uninitialized pointer
API
0.0.5 → 0.1.6
0.1.7
Jan 14, 2006
WSA-2024-1 : [Core, Plugins] Integer overflow in loops on lists.
Vulnerability
AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
(
detail )
Integer Overflow or Wraparound
Affected versions
0.1.6 → 4.4.1
Description
An integer overflow can happen when looping over items in a list.
This can only happen in rare conditions on 32 and 64-bit systems, as the list must contain more than 2,147,483,647 elements.
On 16-bit systems, this happens with a list that contains more than 32,767 elements.
Mitigation
There is no known mitigation.
The upgrade to the latest stable version is highly recommended.
Credit
The issue was discovered by Yiheng Cao.
WSA-2011-1 : [IRC] Possible man-in-the-middle attack in TLS connection to IRC server.
Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
(
detail )
Improper certificate validation
(
detail )
Affected versions
0.1.3 → 0.3.4
Description
Due to insufficient check of TLS certificate in IRC plugin, man-in-the-middle attackers can spoof a server via an arbitrary certificate.
Mitigation
There is no known mitigation.
The upgrade to the latest stable version is highly recommended.
WSA-2006-1 : [API] Crash in API function infobar_printf.
Vulnerability
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
(
detail )
Access of uninitialized pointer
(
detail )
Affected versions
0.0.5 → 0.1.6
Description
Strings are built with uncontrolled format in API function infobar_printf.
Mitigation
Remove/unload all scripts calling the API function infobar_printf.