Integer overflow in WeeChat
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-46613 |
| CWE-ID | CWE-190 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
WeeChat Client/Desktop applications / Messaging software |
| Vendor | WeeChat.org |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Integer overflow
EUVDB-ID: #VU101837
Risk: Low
CVSSv4.0: 0.1 [CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46613
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows an attacker to execute arbitrary code.
The vulnerability exists due to integer overflow when looping over items in a list within the string_free_split_shared(), string_free_split(), string_free_split_command(), and string_free_split_tags() functions in core/core-string.c. An attacker with physical access to the system can trigger an integer overflow and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsWeeChat: 4.0.0 - 4.4.1
CPE2.3- cpe:2.3:a:weechat_org:weechat:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:weechat_org:weechat:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:weechat_org:weechat:4.0.2:*:*:*:*:*:*:*
http://weechat.org/doc/weechat/security/WSA-2024-1/
http://github.com/weechat/weechat/issues/2178
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
