CVE-2021-40516 — Out-of-bounds Read in Weechat

CWE-125 — Out-of-bounds Read6 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.0%

top 23.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Weechat Debian Weechat Debian Linux

Timeline

PublishedSep 5

Latest updateMay 24

Description

WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/weechat< weechat 3.2.1-1 (bookworm)

▶NVDweechat/weechat0.4.1 — 3.2.1

▶Debianweechat/weechat< 3.0-1+deb11u1+3

▶Ubuntuweechat/weechat< 1.4-2ubuntu0.1+esm1+2

Also affects: Debian Linux 10.0

Patches

Patch: github.com ↗Patch: weechat.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-82mm-45xg-j4xh: WeeChat before 3↗2022-05-24

▶

OSV

weechat vulnerabilities↗2022-02-04

▶

OSV

CVE-2021-40516: WeeChat before 3↗2021-09-05

▶

📋Vendor Advisories

Ubuntu

WeeChat vulnerabilities↗2022-02-04

▶

Debian

CVE-2021-40516: weechat - WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash...↗2021

▶