WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5258-1 advisory.

    Stuart Nevans Locke discovered that WeeChat's relay plugin insecurely handled malformed websocket frames.
    A remote attacker in control of a server could possibly use this issue to cause denial of service in a     client. (CVE-2021-40516)

    Stuart Nevans Locke discovered that WeeChat insecurely handled certain IRC messages. A remote attacker in     control of a server could possibly use this issue to cause denial of service in a client. This issue only     affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-9760)

    Stuart Nevans Locke discovered that WeeChat insecurely handled certain IRC messages. A remote     unauthenticated attacker could possibly use these issues to cause denial of service in a client. These     issues only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-9759, CVE-2020-8955)

    Joseph Bisch discovered that WeeChat's logger incorrectly handled certain memory operations when handling     log file names. A remote attacker could possibly use this issue to cause denial of service in a client.
    This issue only affected Ubuntu 16.04 ESM. (CVE-2017-14727)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0083-1 advisory.

  - WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket     frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.
    (CVE-2021-40516)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2770 advisory.

  - irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause     a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via     a malformed IRC message 324 (channel mode). (CVE-2020-8955)

  - A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and     overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit     this vulnerability through crafted configuration files and executable files. (CVE-2020-9759)

  - An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is     received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is     set for a nick. (CVE-2020-9760)

  - WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket     frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.
    (CVE-2021-40516)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
183150	Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : WeeChat vulnerabilities (USN-5258-1)	Nessus	Ubuntu Local Security Checks	critical
159075	openSUSE 15 Security Update : weechat (openSUSE-SU-2022:0083-1)	Nessus	SuSE Local Security Checks	high
153809	Debian DLA-2770-1 : weechat - LTS security update	Nessus	Debian Local Security Checks	critical

Detections

Analytics

CVE-2021-40516

high

Tenable Plugins

critical

high

critical