4 matches found
CVE-2009-0661
WeeChat 0.2.6 contains a denial-of-service vulnerability: a remote attacker can crash the client by sending a crafted PRIVMSG with color codes, triggering an out-of-bounds read in the colored message handling. Advisories (Gentoo GLSA 200904-04, Fedora advisories FEDORA-2009-2859/2861, Gentoo GLSA...
CVE-2012-5854
WeeChat is affected by two CVEs: CVE-2012-5854 (heap-based buffer overflow when decoding IRC colors) and CVE-2012-5534 (shell expansions in hook_process). These vulnerabilities were fixed by patches/upgrades to WeeChat 0.3.9.2+; advisories across Gentoo, Mandriva, openSUSE, Fedora, and others ref...
CVE-2012-5534
WeeChat vulnerability CVE-2012-5534 affects the hook_process() in the plugin API for versions 0.3.0–0.3.9.1, allowing remote command execution via shell metacharacters in a plugin-derived command (shell expansion). Impact described across several advisories: remote code execution or other effects...
CVE-2011-1428
WeeChat (Wee Enhanced Environment for Chat) versions up to 0.3.4 are affected by CVE-2011-1428, where the client does not properly validate that the server hostname matches the subject of an X.509 certificate, enabling MITM with an arbitrary certificate due to incorrect GnuTLS API usage. Exploita...