Weechat: >> Weechat >> 0.3.5 Security Vulnerabilities
WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared , string_free_split, string_free_split_command, and string_free_split_tags.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-11-10
An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.
CVSS Score
9.8
EPSS Score
0.011
Published
2020-03-23
logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.
CVSS Score
7.5
EPSS Score
0.007
Published
2017-09-23
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.
CVSS Score
7.5
EPSS Score
0.016
Published
2017-04-23