Main Vulnerability Database SB2024121841

SB2024121841 - Integer overflow in WeeChat

Published: December 18, 2024

Security Bulletin ID SB2024121841

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Integer overflow (CVE-ID: CVE-2024-46613)

The vulnerability allows an attacker to execute arbitrary code.

The vulnerability exists due to integer overflow when looping over items in a list within the string_free_split_shared(), string_free_split(), string_free_split_command(), and string_free_split_tags() functions in core/core-string.c. An attacker with physical access to the system can trigger an integer overflow and execute arbitrary code on the system.

Remediation

Install update from vendor's website.

References

https://weechat.org/doc/weechat/security/WSA-2024-1/
https://github.com/weechat/weechat/issues/2178