#20788 – CVE-2009-0661 WeeChat IRC Message Denial of Service

Bug 20788 - CVE-2009-0661 WeeChat IRC Message Denial of Service

Summary: CVE-2009-0661 WeeChat IRC Message Denial of Service

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	weechat (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 blocker
Assignee:	Alexey Gladkov
QA Contact:	qa-sisyphus

URL:	http://secunia.com/advisories/34304/
Keywords:	security

Depends on:
Blocks:

Reported:	2009-07-15 15:59 MSD by Vladimir Lettiev
Modified:	2011-01-29 19:45 MSK (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vladimir Lettiev 2009-07-15 15:59:28 MSD

A vulnerability has been reported in WeeChat, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the then handling of IRC messages containing certain color codes. This can be exploited to crash the application by sending specially crafted messages to a vulnerable client.

Fixed in version >= 0.2.6.1

Comment 1 Konstantin Pavlov 2009-07-15 16:05:31 MSD

$ ssh git.alt acl sisyphus weechat show
weechat @nobody

Comment 2 Slava Semushin 2011-01-29 19:45:57 MSK

В Сизифе 0.3.4