weechat -- Crash or freeze when decoding IRC colors in strings

2012-11-0900:00:00

vuxml.freebsd.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.112 Low

EPSS

Percentile

95.2%

JSON

Sebastien Helleu reports:

A buffer overflow is causing a crash or freeze of WeeChat when
decoding IRC colors in strings.
Workaround for a non-patched version:
/set irc.network.colors_receive off

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchweechat= 0.3.6UNKNOWN
FreeBSDanynoarchweechat< 0.3.9.1UNKNOWN
FreeBSDanynoarchweechat-devel= 20110614UNKNOWN
FreeBSDanynoarchweechat-devel< 20121110UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	weechat	= 0.3.6	UNKNOWN
FreeBSD	any	noarch	weechat	< 0.3.9.1	UNKNOWN
FreeBSD	any	noarch	weechat-devel	= 20110614	UNKNOWN
FreeBSD	any	noarch	weechat-devel	< 20121110	UNKNOWN