WeeChat :: documentation

WeeChat

Security vulnerabilities in version 4.2.2

This page lists all known and fixed security vulnerabilities in version 4.2.2 (back to the list of all versions).

Overview: 9 vulnerabilities

WSA	Score	Issue	Vulnerability type	Scope	Versions	Fix	Release date
WSA-2026-2	7.4	Non-constant time password/hash comparison.	Observable Timing Discrepancy	API, Relay	0.3.4 → 4.9.0	4.9.1	May 31, 2026
WSA-2025-7	3.9	Buffer overflow in range of chars in evaluated expressions.	Out-of-bounds read	Core	3.8 → 4.6.2	4.6.3	May 11, 2025
WSA-2025-6	3.9	Buffer overflow in base 32 encoding in evaluated expressions.	Out-of-bounds write	Core	2.9 → 4.6.2	4.6.3	May 11, 2025
WSA-2025-5	3.9	Buffer overflow in syntax highlighting of evaluated expressions.	Out-of-bounds read	Core	4.2.0 → 4.6.2	4.6.3	May 11, 2025
WSA-2025-4	7.0	Buffer overflow in parsing of date/time.	Out-of-bounds write	Core	4.2.0 → 4.6.2	4.6.3	May 11, 2025
WSA-2025-3	3.9	Integer overflow in conversion of version to an integer number.	Integer Overflow or Wraparound	Core	0.3.2 → 4.6.2	4.6.3	May 11, 2025
WSA-2025-2	3.9	Integer overflow in base32 decode/encode functions.	Integer Overflow or Wraparound	Core	2.4 → 4.6.2	4.6.3	May 11, 2025
WSA-2025-1	3.9	Integer overflow with decimal numbers in calculation of expression.	Integer Overflow or Wraparound	Core	2.7 → 4.6.2	4.6.3	May 11, 2025
WSA-2024-1	3.8	Integer overflow in loops on lists.	Integer Overflow or Wraparound	Core, Plugins	0.1.6 → 4.4.1	4.4.2	Sep 8, 2024

WSA-2026-2: [API, Relay] Non-constant time password/hash comparison.

Vulnerability

CVE

Pending

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H (detail)

CVSS score

7.4 / 10

Severity

high

Vulnerability type

Observable Timing Discrepancy (detail)

Scope

API, Relay

Affected versions

0.3.4 → 4.9.0

Fixed version

4.9.1 (May 31, 2026) - ChangeLog

Tracker

GHSA-vhv8-g2r9-cwcc

Commits

Description

WeeChat uses non-constant time password/hash comparison in the Relay plugin and in TOTP validation.
This could allow an attacker to guess a password, a hash or a TOTP and bypass relay authentication.

Mitigation

There are multiple ways to mitigate this issue:

Rremove all relays, see: /help relay
Unload relay plugin with command: /plugin unload relay and see: /help weechat.plugin.autoload
Secure relay to allow only some trusted IP addresses, see: /help relay.network.allowed_ips

Credit

The issue was discovered by Tristan Madani (@TristanInSec) from Talence Security.

WSA-2025-7: [Core] Buffer overflow in range of chars in evaluated expressions.

Vulnerability

CVE

Not available

CVSS vector

AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C (detail)

CVSS score

3.9 / 10

Severity

medium

Vulnerability type

Out-of-bounds read (detail)

Scope

Core

Affected versions

3.8 → 4.6.2

Fixed version

4.6.3 (May 11, 2025) - ChangeLog

Tracker

Not available

Commits

Description

Buffer overflow in range of chars in evaluated expressions.

Mitigation

There is no known mitigation.
The upgrade to the latest stable version is highly recommended.

WSA-2025-6: [Core] Buffer overflow in base 32 encoding in evaluated expressions.

Vulnerability

CVE

Not available

CVSS vector

AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C (detail)

CVSS score

3.9 / 10

Severity

medium

Vulnerability type

Out-of-bounds write (detail)

Scope

Core

Affected versions

2.9 → 4.6.2

Fixed version

4.6.3 (May 11, 2025) - ChangeLog

Tracker

Not available

Commits

Description

A buffer overflow happens in base 32 encoding in evaluated expressions, where padding is made in the resulting string.

Mitigation

There is no known mitigation.
The upgrade to the latest stable version is highly recommended.

WSA-2025-5: [Core] Buffer overflow in syntax highlighting of evaluated expressions.

Vulnerability

CVE

Not available

CVSS vector

AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C (detail)

CVSS score

3.9 / 10

Severity

medium

Vulnerability type

Out-of-bounds read (detail)

Scope

Core

Affected versions

4.2.0 → 4.6.2

Fixed version

4.6.3 (May 11, 2025) - ChangeLog

Tracker

Not available

Commits

Description

Buffer overflow in syntax highlighting of evaluated expressions.

Mitigation

There is no known mitigation.
The upgrade to the latest stable version is highly recommended.

WSA-2025-4: [Core] Buffer overflow in parsing of date/time.

Vulnerability

CVE

Not available

CVSS vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C (detail)

CVSS score

7.0 / 10

Severity

high

Vulnerability type

Out-of-bounds write (detail)

Scope

Core

Affected versions

4.2.0 → 4.6.2

Fixed version

4.6.3 (May 11, 2025) - ChangeLog

Tracker

Not available

Commits

Description

Buffer overflow in function util_parse_time when the received date/time has no date and a length of 117 or more chars.
It can be an issue in IRC plugin, where the "time" tag received in IRC messages is parsed using this function.

Mitigation

There is no known mitigation.
The upgrade to the latest stable version is highly recommended.

WSA-2025-3: [Core] Integer overflow in conversion of version to an integer number.

Vulnerability

CVE

Not available

CVSS vector

AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C (detail)

CVSS score

3.9 / 10

Severity

medium

Vulnerability type

Integer Overflow or Wraparound (detail)

Scope

Core

Affected versions

0.3.2 → 4.6.2

Fixed version

4.6.3 (May 11, 2025) - ChangeLog

Tracker

Not available

Commits

Description

Integer overflow happens in conversion of a version as string to an integer number, if the version is greater than 0x7FFFFFFF (127.255.255.255), so if the version is at least 0x80000000 (128.0.0.0).

Mitigation

There is no known mitigation.
The upgrade to the latest stable version is highly recommended.

WSA-2025-2: [Core] Integer overflow in base32 decode/encode functions.

Vulnerability

CVE

Not available

CVSS vector

AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C (detail)

CVSS score

3.9 / 10

Severity

medium

Vulnerability type

Integer Overflow or Wraparound (detail)

Scope

Core

Affected versions

2.4 → 4.6.2

Fixed version

4.6.3 (May 11, 2025) - ChangeLog

Tracker

Not available

Commits

Description

An integer overflow may happen in base32 encode/decode functions.

Mitigation

There is no known mitigation.
The upgrade to the latest stable version is highly recommended.

WSA-2025-1: [Core] Integer overflow with decimal numbers in calculation of expression.

Vulnerability

CVE

Not available

CVSS vector

AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C (detail)

CVSS score

3.9 / 10

Severity

medium

Vulnerability type

Integer Overflow or Wraparound (detail)

Scope

Core

Affected versions

2.7 → 4.6.2

Fixed version

4.6.3 (May 11, 2025) - ChangeLog

Tracker

Not available

Commits

Description

An integer overflow happens when using numbers with 9 or more decimals in calculation of expression, for example: /eval -n ${calc:0.123456789}.

Mitigation

There is no known mitigation.
The upgrade to the latest stable version is highly recommended.

WSA-2024-1: [Core, Plugins] Integer overflow in loops on lists.

Vulnerability

CVE

CVE-2024-46613 [ MITRE / NVD ]

CVSS vector

AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C (detail)

CVSS score

3.8 / 10

Severity

low

Vulnerability type

Integer Overflow or Wraparound (detail)

Scope

Core, Plugins

Affected versions

0.1.6 → 4.4.1

Fixed version

4.4.2 (Sep 8, 2024) - ChangeLog

Tracker

issue #2178

Commits

Description

An integer overflow can happen when looping over items in a list.
This can only happen in rare conditions on 32 and 64-bit systems, as the list must contain more than 2,147,483,647 elements.
On 16-bit systems, this happens with a list that contains more than 32,767 elements.

Mitigation

There is no known mitigation.
The upgrade to the latest stable version is highly recommended.

Credit

The issue was discovered by Yiheng Cao.