Lucene search

[email protected]CVE-2011-1428

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-1428

2022-10-0316:15:11

CWE-20

[email protected]

web.nvd.nist.gov

cve-2011-1428

weechat

ssl

x.509 certificate

gnutls api

security vulnerability

man-in-the-middle

nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.7%

JSON

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

Affected configurations

NVD

Node

flashtuxweechatRange≤0.3.4

flashtuxweechatMatch0.0.1

flashtuxweechatMatch0.0.2

flashtuxweechatMatch0.0.3

flashtuxweechatMatch0.0.4

flashtuxweechatMatch0.0.5

flashtuxweechatMatch0.0.6

flashtuxweechatMatch0.0.7

flashtuxweechatMatch0.0.8

flashtuxweechatMatch0.0.9

flashtuxweechatMatch0.1.0

flashtuxweechatMatch0.1.1

flashtuxweechatMatch0.1.2

flashtuxweechatMatch0.1.3

flashtuxweechatMatch0.1.4

flashtuxweechatMatch0.1.5

flashtuxweechatMatch0.1.6

flashtuxweechatMatch0.1.7

flashtuxweechatMatch0.1.8

flashtuxweechatMatch0.1.9

flashtuxweechatMatch0.2.0

flashtuxweechatMatch0.2.1

flashtuxweechatMatch0.2.2

flashtuxweechatMatch0.2.3

flashtuxweechatMatch0.2.4

flashtuxweechatMatch0.2.5

flashtuxweechatMatch0.2.6

flashtuxweechatMatch0.2.6.1

flashtuxweechatMatch0.2.6.2

flashtuxweechatMatch0.2.6.3

flashtuxweechatMatch0.3.0

flashtuxweechatMatch0.3.1

flashtuxweechatMatch0.3.1.1

flashtuxweechatMatch0.3.2

flashtuxweechatMatch0.3.3

CPENameOperatorVersion
flashtux:weechatflashtux weechatle0.3.4
flashtux:weechatflashtux weechateq0.0.1
flashtux:weechatflashtux weechateq0.0.2
flashtux:weechatflashtux weechateq0.0.3
flashtux:weechatflashtux weechateq0.0.4
flashtux:weechatflashtux weechateq0.0.5
flashtux:weechatflashtux weechateq0.0.6
flashtux:weechatflashtux weechateq0.0.7
flashtux:weechatflashtux weechateq0.0.8
flashtux:weechatflashtux weechateq0.0.9

CPE	Name	Operator	Version
flashtux:weechat	flashtux weechat	le	0.3.4
flashtux:weechat	flashtux weechat	eq	0.0.1
flashtux:weechat	flashtux weechat	eq	0.0.2
flashtux:weechat	flashtux weechat	eq	0.0.3
flashtux:weechat	flashtux weechat	eq	0.0.4
flashtux:weechat	flashtux weechat	eq	0.0.5
flashtux:weechat	flashtux weechat	eq	0.0.6
flashtux:weechat	flashtux weechat	eq	0.0.7
flashtux:weechat	flashtux weechat	eq	0.0.8
flashtux:weechat	flashtux weechat	eq	0.0.9