Vulnerabilities > Weechat

DATE CVE VULNERABILITY TITLE RISK
2022-04-02 CVE-2022-28352 Improper Certificate Validation vulnerability in Weechat
WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate.
network
high complexity
weechat CWE-295
4.0
2021-09-05 CVE-2021-40516 Out-of-bounds Read vulnerability in multiple products
WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.
network
low complexity
weechat debian CWE-125
5.0
2020-03-23 CVE-2020-9760 Classic Buffer Overflow vulnerability in multiple products
An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected).
network
low complexity
weechat debian CWE-120
7.5
2020-02-12 CVE-2020-8955 Classic Buffer Overflow vulnerability in multiple products
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).
network
low complexity
weechat fedoraproject opensuse debian CWE-120
critical
9.8
2017-09-23 CVE-2017-14727 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Weechat Logger
logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.
network
low complexity
weechat CWE-119
5.0
2017-04-23 CVE-2017-8073 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin.
network
low complexity
weechat debian CWE-119
7.5