Published: 23/09/2017 Updated: 29/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

logger.c in the logger plugin in WeeChat prior to 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.

Vulnerable Product	Search on Vulmon	Subscribe to Product
weechat logger -

Debian Bug report logs - #876553 weechat: CVE-2017-14727: crash in logger plugin when converting date/time specifiers in file mask Package: src:weechat; Maintainer for src:weechat is Emmanuel Bouthenot <kolter@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 23 Sep 2017 16:57:01 UTC Sever ...

It has been discovered that in loggerc in the logger plugin before weechat 191 the date/time conversion specifiers are expanded after replacing buffer local variables in name of log files In some cases, this can lead to an error in function strftime and a crash caused by the use of an uninitialized buffer ...

CWE-119 https://weechat.org/news/98/20170923-Version-1.9.1-security-release/https://weechat.org/download/security/https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556 http://www.securityfocus.com/bid/101003 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876553 https://nvd.nist.gov https://security.archlinux.org/CVE-2017-14727

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-14727

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect