WeeChat :: documentation

Security vulnerabilities in version 3.1

This page lists all known and fixed security vulnerabilities in version 3.1 (back to the list of all versions).

Overview: 2 vulnerabilities

WSA	CVE	Score	Severity	Issue	Vulnerability type	Scope	Versions	Fix	Release date
WSA-2024-1	CVE-2024-46613	3.8		Integer overflow in loops on lists.	Integer Overflow or Wraparound	Core, Plugins	0.1.6 → 4.4.1	4.4.2	Sep 8, 2024
WSA-2021-1	CVE-2021-40516	7.5		Crash on malformed websocket frame in relay plugin.	Out-of-bounds read	Relay	0.4.1 → 3.2	3.2.1	Sep 4, 2021

WSA-2024-1: [Core, Plugins] Integer overflow in loops on lists.

Vulnerability

CVE

CVE-2024-46613 [ MITRE / NVD ]

CVSS vector

AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C (detail)

CVSS score

3.8 / 10

Severity

low

Vulnerability type

Integer Overflow or Wraparound

Scope

Core, Plugins

Affected versions

0.1.6 → 4.4.1

Fixed version

4.4.2 (Sep 8, 2024) - ChangeLog

Tracker

issue #2178

Commits

Description

An integer overflow can happen when looping over items in a list.
This can only happen in rare conditions on 32 and 64-bit systems, as the list must contain more than 2,147,483,647 elements.
On 16-bit systems, this happens with a list that contains more than 32,767 elements.

Mitigation

There is no known mitigation.
The upgrade to the latest stable version is highly recommended.

Credit

The issue was discovered by Yiheng Cao.

WSA-2021-1: [Relay] Crash on malformed websocket frame in relay plugin.

Vulnerability

CVE

CVE-2021-40516 [ MITRE / NVD ]

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (detail)

CVSS score

7.5 / 10

Severity

high

Vulnerability type

Out-of-bounds read (detail)

Scope

Relay

Affected versions

0.4.1 → 3.2

Fixed version

3.2.1 (Sep 4, 2021) - ChangeLog

Tracker

Not available

Commits

Description

A crash happens when decoding a malformed websocket frame in relay plugin.
This happens even if a password is set in relay plugin, the malformed websocket frame can be received before the authentication of the client.

Mitigation

There are multiple ways to mitigate this issue:

Rremove all relays, see: /help relay
Unload relay plugin with command: /plugin unload relay and see: /help weechat.plugin.autoload
Secure relay to allow only some trusted IP addresses, see: /help relay.network.allowed_ips

Credit

The issue was discovered by Stuart Nevans Locke.