CVE-2011-1428

2011-03-1622:55:00

Debian Security Bug Tracker

security-tracker.debian.org

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

52.3%

JSON

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

OSVersionArchitecturePackageVersionFilename
Debian12allweechat< 0.3.5-1weechat_0.3.5-1_all.deb
Debian11allweechat< 0.3.5-1weechat_0.3.5-1_all.deb
Debian10allweechat< 0.3.5-1weechat_0.3.5-1_all.deb
Debian999allweechat< 0.3.5-1weechat_0.3.5-1_all.deb
Debian13allweechat< 0.3.5-1weechat_0.3.5-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	weechat	< 0.3.5-1	weechat_0.3.5-1_all.deb
Debian	11	all	weechat	< 0.3.5-1	weechat_0.3.5-1_all.deb
Debian	10	all	weechat	< 0.3.5-1	weechat_0.3.5-1_all.deb
Debian	999	all	weechat	< 0.3.5-1	weechat_0.3.5-1_all.deb
Debian	13	all	weechat	< 0.3.5-1	weechat_0.3.5-1_all.deb