WeeChat :: documentation

Security vulnerabilities in version 2.7.1

This page lists all known and fixed security vulnerabilities in version 2.7.1 (back to the list of all versions).

Overview: 1 vulnerability

WSA	CVE	Score	Severity	Issue	Vulnerability type	Scope	Versions	Fix	Release date
WSA-2021-1	CVE-2021-40516	7.5		Crash on malformed websocket frame in relay plugin.	Out-of-bounds read	Relay	0.4.1 → 3.2	3.2.1	Sep 4, 2021

WSA-2021-1: [Relay] Crash on malformed websocket frame in relay plugin.

Vulnerability

CVE

CVE-2021-40516 [ MITRE / NVD ]

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (detail)

CVSS score

7.5 / 10

Severity

high

Vulnerability type

Out-of-bounds read (detail)

Scope

Relay

Affected versions

0.4.1 → 3.2

Fixed version

3.2.1 (Sep 4, 2021) - ChangeLog

Tracker

Not available

Commits

Description

A crash happens when decoding a malformed websocket frame in relay plugin.
This happens even if a password is set in relay plugin, the malformed websocket frame can be received before the authentication of the client.

Mitigation

There are multiple ways to mitigate this issue:

Rremove all relays, see: /help relay
Unload relay plugin with command: /plugin unload relay and see: /help weechat.plugin.autoload
Secure relay to allow only some trusted IP addresses, see: /help relay.network.allowed_ips

Credit

The issue was discovered by Stuart Nevans Locke.