Your submission was sent successfully! Close

CVE-2017-8073

Published: 23 April 2017

WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
weechat
Launchpad, Ubuntu, Debian
precise Ignored
(reached end-of-life)
trusty Does not exist
(trusty was released [0.4.2-3ubuntu0.1])
upstream
Released (1.7-3)
xenial
Released (1.4-2ubuntu0.1)
yakkety
Released (1.5-1ubuntu0.1)
zesty
Released (1.7-2ubuntu0.1)