Vulnerability Details CVE-2012-5854
Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.066
EPSS Ranking 90.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092228.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092490.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092536.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html
- http://osvdb.org/87279
- http://secunia.com/advisories/51377
- http://weechat.org/security/
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:136
- http://www.openwall.com/lists/oss-security/2012/11/12/2
- http://www.securityfocus.com/bid/56482
- https://savannah.nongnu.org/bugs/?37704
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092228.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092490.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092536.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html
- http://osvdb.org/87279
- http://secunia.com/advisories/51377
- http://weechat.org/security/
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:136
- http://www.openwall.com/lists/oss-security/2012/11/12/2
- http://www.securityfocus.com/bid/56482
- https://savannah.nongnu.org/bugs/?37704
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330
Products affected by CVE-2012-5854
-
cpe:2.3:a:flashtux:weechat:0.3.6
-
cpe:2.3:a:flashtux:weechat:0.3.7
-
cpe:2.3:a:flashtux:weechat:0.3.8
-
cpe:2.3:a:flashtux:weechat:0.3.9