Medium severity4.3NVD Advisory· Published Apr 2, 2022· Updated Jun 17, 2026
CVE-2022-28352
CVE-2022-28352
Description
WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WeeChat/Wee Enhanced Environment for Chatdescription
Patches
Vulnerability mechanics
References
2- github.com/weechat/weechat/issues/1763nvdExploitIssue TrackingMitigationThird Party Advisory
- weechat.org/doc/security/WSA-2022-1/nvdExploitVendor Advisory
News mentions
0No linked articles in our index yet.