CVE-2011-1428 — Improper Input Validation in Weechat

CWE-20 — Improper Input Validation7 documents5 sources

Severity

5.8MEDIUMNVD

EPSS

0.2%

top 62.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Weechat Debian Weechat Flashtux Weechat

Timeline

PublishedMar 16

Latest updateMay 17

Description

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/weechat< weechat 0.3.5-1 (bookworm)

▶Debianweechat/weechat< 0.3.5-1+3

▶NVDflashtux/weechat0.3.4+34

Patches

Patch: savannah.nongnu.org ↗Patch: savannah.nongnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-4663-xvr2-gqpr: Wee Enhanced Environment for Chat (aka WeeChat) 0↗2022-05-17

▶

OSV

CVE-2011-1428: Wee Enhanced Environment for Chat (aka WeeChat) 0↗2011-03-16

▶

📋Vendor Advisories

Debian

CVE-2011-1428: weechat - Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not prope...↗2011

▶

💬Community

Bugzilla

CVE-2011-1428 weechat: improper verification of X.509 certificates can lead to MITM attacks [epel-all]↗2011-03-17

▶

Bugzilla

CVE-2011-1428 weechat: improper verification of X.509 certificates can lead to MITM attacks [fedora-all]↗2011-03-17

▶

Bugzilla

CVE-2011-1428 weechat: improper verification of X.509 certificates can lead to MITM attacks↗2011-03-17

▶