CVE-2017-8073

Published: 23/04/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

WeeChat prior to 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.

Vulnerable Product

weechat weechat

debian debian linux 8.0

Vendor Advisories

Debian Bug report logs - #861121 weechat: CVE-2017-8073. Package: src:weechat; Maintainer for src:weechat is Emmanuel Bouthenot <kolter@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 24 Apr 2017 19:39:01 UTC; Severity: grave; Tags: fixed-upstream, patch, security, upstream; Found in versio ...

It was discovered that weechat, a fast and light chat client, is prone to a buffer overflow vulnerability in the IRC plugin, allowing a remote attacker to cause a denial-of-service by sending a specially crafted filename via DCC. For the stable distribution (jessie), this problem has been fixed in version 1.0.1-1+deb8u1. For the unstable distributi ...

WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, which results in a buffer overflow ...