Vulnerabilities > Weechat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-02 | CVE-2022-28352 | Improper Certificate Validation vulnerability in Weechat WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. | 4.0 |
| 2021-09-05 | CVE-2021-40516 | Out-of-bounds Read vulnerability in multiple products WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin. | 5.0 |
| 2020-03-23 | CVE-2020-9760 | Classic Buffer Overflow vulnerability in multiple products An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). | 7.5 |
| 2020-02-12 | CVE-2020-8955 | Classic Buffer Overflow vulnerability in multiple products irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode). | 9.8 |
| 2017-09-23 | CVE-2017-14727 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Weechat Logger logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. | 5.0 |
| 2017-04-23 | CVE-2017-8073 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. | 7.5 |