Security vulnerabilities in version 4.1.0 
  
  This page lists all known and fixed security vulnerabilities in version 4.1.0 (back to the list of all versions ).
  Overview: 6 vulnerabilities
 
  
    
      
        WSA CVE 
        Score 
        Severity 
        Issue 
        Vulnerability type 
        Scope 
        Versions Fix Release date 
       
     
    
      
      
        WSA-2025-7 - 
        3.9 
        Buffer overflow in range of chars in evaluated expressions. 
        Out-of-bounds read 
        Core 
        3.8 → 4.6.2 
        4.6.3 
        May 11, 2025  
    
      
        WSA-2025-6 - 
        3.9 
        Buffer overflow in base 32 encoding in evaluated expressions. 
        Out-of-bounds write 
        Core 
        2.9 → 4.6.2 
        4.6.3 
        May 11, 2025  
    
      
        WSA-2025-3 - 
        3.9 
        Integer overflow in conversion of version to an integer number. 
        Integer Overflow or Wraparound 
        Core 
        0.3.2 → 4.6.2 
        4.6.3 
        May 11, 2025  
    
      
        WSA-2025-2 - 
        3.9 
        Integer overflow in base32 decode/encode functions. 
        Integer Overflow or Wraparound 
        Core 
        2.4 → 4.6.2 
        4.6.3 
        May 11, 2025  
    
      
        WSA-2025-1 - 
        3.9 
        Integer overflow with decimal numbers in calculation of expression. 
        Integer Overflow or Wraparound 
        Core 
        2.7 → 4.6.2 
        4.6.3 
        May 11, 2025  
    
      
        WSA-2024-1 CVE-2024-46613 
        3.8 
        Integer overflow in loops on lists. 
        Integer Overflow or Wraparound 
        Core, Plugins 
        0.1.6 → 4.4.1 
        4.4.2 
        Sep 8, 2024  
    
     
  
 
  WSA-2025-7 : [Core] Buffer overflow in range of chars in evaluated expressions.
 
Vulnerability 
  
  
  
    
    
      AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
      (
detail )
    
 
  
  
  
  
  
  
    
      Affected versions
    
    
      
        3.8 → 4.6.2
       
    
   
  
  
  
  
 
Description 
Buffer overflow in range of chars in evaluated expressions.
Mitigation 
There is no known mitigation.
The upgrade to the latest stable version is highly recommended.
  WSA-2025-6 : [Core] Buffer overflow in base 32 encoding in evaluated expressions.
 
Vulnerability 
  
  
  
    
    
      AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
      (
detail )
    
 
  
  
  
  
  
  
    
      Affected versions
    
    
      
        2.9 → 4.6.2
       
    
   
  
  
  
  
 
Description 
A buffer overflow happens in base 32 encoding in evaluated expressions, where padding is made in the resulting string.
Mitigation 
There is no known mitigation.
The upgrade to the latest stable version is highly recommended.
  WSA-2025-3 : [Core] Integer overflow in conversion of version to an integer number.
 
Vulnerability 
  
  
  
    
    
      AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
      (
detail )
    
 
  
  
  
  
    
    
      Integer Overflow or Wraparound
      
      (
detail )
      
    
 
  
  
    
      Affected versions
    
    
      
        0.3.2 → 4.6.2
       
    
   
  
  
  
  
 
Description 
Integer overflow happens in conversion of a version as string to an integer number, if the version is greater than 0x7FFFFFFF (127.255.255.255), so if the version is at least 0x80000000 (128.0.0.0).
Mitigation 
There is no known mitigation.
The upgrade to the latest stable version is highly recommended.
  WSA-2025-2 : [Core] Integer overflow in base32 decode/encode functions.
 
Vulnerability 
  
  
  
    
    
      AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
      (
detail )
    
 
  
  
  
  
    
    
      Integer Overflow or Wraparound
      
      (
detail )
      
    
 
  
  
    
      Affected versions
    
    
      
        2.4 → 4.6.2
       
    
   
  
  
  
  
 
Description 
An integer overflow may happen in base32 encode/decode functions.
Mitigation 
There is no known mitigation.
The upgrade to the latest stable version is highly recommended.
  WSA-2025-1 : [Core] Integer overflow with decimal numbers in calculation of expression.
 
Vulnerability 
  
  
  
    
    
      AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
      (
detail )
    
 
  
  
  
  
    
    
      Integer Overflow or Wraparound
      
      (
detail )
      
    
 
  
  
    
      Affected versions
    
    
      
        2.7 → 4.6.2
       
    
   
  
  
  
  
 
Description 
An integer overflow happens when using numbers with 9 or more decimals in calculation of expression, for example: 
/eval -n ${calc:0.123456789}.
Mitigation 
There is no known mitigation.
The upgrade to the latest stable version is highly recommended.
  WSA-2024-1 : [Core, Plugins] Integer overflow in loops on lists.
 
Vulnerability 
  
  
  
    
    
      AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
      (
detail )
    
 
  
  
  
  
    
    
      Integer Overflow or Wraparound
      
      (
detail )
      
    
 
  
  
    
      Affected versions
    
    
      
        0.1.6 → 4.4.1
       
    
   
  
  
  
  
 
Description 
An integer overflow can happen when looping over items in a list.
This can only happen in rare conditions on 32 and 64-bit systems, as the list must contain more than 2,147,483,647 elements.
On 16-bit systems, this happens with a list that contains more than 32,767 elements.
Mitigation 
There is no known mitigation.
The upgrade to the latest stable version is highly recommended.
Credit 
The issue was discovered by Yiheng Cao.