CVE-2021-40516

Name
CVE-2021-40516
Description
WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://weechat.org/doc/security/
MISC https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b
Mailing List https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:weechat:weechat:*:*:*:*:*:*:*:* weechat >= 0.4.1 < 3.2.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
weechat 3.14-community 3.2-r0 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
weechat 3.15-community 3.5-r0 Leonardo Arena <rnalrd@alpinelinux.org> fixed