High severityNVD Advisory· Published Aug 4, 2023· Updated Oct 9, 2024
twitch-tui's connection is not encrypted
CVE-2023-38688
Description
twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
twitch-tuicrates.io | < 2.4.1 | 2.4.1 |
Affected products
2- Range: < 2.4.1
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-779w-xvpm-78jxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-38688ghsaADVISORY
- github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rsghsax_refsource_MISCWEB
- github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350aghsax_refsource_MISCWEB
- github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jxghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.