VYPR
Medium severity4.3NVD Advisory· Published Apr 2, 2022· Updated Jun 17, 2026

CVE-2022-28352

CVE-2022-28352

Description

WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • WeeChat/Wee Enhanced Environment for Chatdescription
  • Flashtux/Weechatllm-fuzzy
    Range: <3.4.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.