CVE-2017-8073

WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.

Published: Apr 23, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-8073
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
weechat / weechat	-	1.7.1
debian / debian_linux	8.0	8.0.x

http://www.debian.org/security/2017/dsa-3836
http://www.securityfocus.com/bid/97987
https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b
https://lists.fedoraproject.org/archives/list/[email protected]/message/4ASRTCQFFDAAK347URWNDH6NSED2BGNY/
https://lists.fedoraproject.org/archives/list/[email protected]/message/ER23GT23US5JXDLUZAMGMWXKZ74MI4S2/
https://lists.fedoraproject.org/archives/list/[email protected]/message/M3LAJTLI3LWZRNCFYJ7PCBBTHUMCCBHH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ASRTCQFFDAAK347URWNDH6NSED2BGNY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER23GT23US5JXDLUZAMGMWXKZ74MI4S2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3LAJTLI3LWZRNCFYJ7PCBBTHUMCCBHH/
https://weechat.org/download/security/
https://weechat.org/news/95/20170422-Version-1.7.1/

Vulnerability Database

290,206

CVE-2017-8073