rpm package
opensuse/weechat&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/weechat&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-46613 | — | < 4.5.1-1.1 | 4.5.1-1.1 | Nov 10, 2024 | WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared , string_free_split, string_free_split_command, and string_free_split_tags. | ||
| CVE-2020-8955 | — | < 3.2-1.3 | 3.2-1.3 | Feb 12, 2020 | irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode). | ||
| CVE-2017-14727 | Hig | 7.5 | < 3.2-1.3 | 3.2-1.3 | Sep 23, 2017 | logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. | |
| CVE-2017-8073 | Hig | 7.5 | < 3.2-1.3 | 3.2-1.3 | Apr 23, 2017 | WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow. |
- CVE-2024-46613Nov 10, 2024affected < 4.5.1-1.1fixed 4.5.1-1.1
WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared , string_free_split, string_free_split_command, and string_free_split_tags.
- CVE-2020-8955Feb 12, 2020affected < 3.2-1.3fixed 3.2-1.3
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).
- affected < 3.2-1.3fixed 3.2-1.3
logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.
- affected < 3.2-1.3fixed 3.2-1.3
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.