CVE-2012-5854 - OpenCVE

Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Flashtux	Weechat

Configuration 1 [-]

OR	cpe:2.3:a:flashtux:weechat:0.3.6:::::::*
	cpe:2.3:a:flashtux:weechat:0.3.7:::::::*
	cpe:2.3:a:flashtux:weechat:0.3.8:::::::*
	cpe:2.3:a:flashtux:weechat:0.3.9:::::::*

No data.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092228.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092490.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092536.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html
http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html
http://osvdb.org/87279
http://secunia.com/advisories/51377
http://weechat.org/security/
http://www.mandriva.com/security/advisories?name=MDVSA-2013:136
http://www.openwall.com/lists/oss-security/2012/11/12/2
http://www.securityfocus.com/bid/56482
https://savannah.nongnu.org/bugs/?37704
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-11-19T11:00:00

Updated: 2024-08-06T21:21:27.375Z

Reserved: 2012-11-12T00:00:00

Link: CVE-2012-5854

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-11-19T12:10:54.417

Modified: 2014-02-07T04:43:45.867

Link: CVE-2012-5854

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-09T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-05T15:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "87279", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/87279"}, {"name": "56482", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/56482"}, {"name": "FEDORA-2012-17973", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092536.html"}, {"name": "51377", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51377"}, {"name": "openSUSE-SU-2013:0150", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://savannah.nongnu.org/bugs/?37704"}, {"name": "[oss-security] 20121112 Re: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/11/12/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330"}, {"name": "openSUSE-SU-2012:1580", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"}, {"name": "FEDORA-2012-17950", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092228.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://weechat.org/security/"}, {"name": "MDVSA-2013:136", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"}, {"name": "FEDORA-2012-18006", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092490.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5854", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "87279", "refsource": "OSVDB", "url": "http://osvdb.org/87279"}, {"name": "56482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56482"}, {"name": "FEDORA-2012-17973", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092536.html"}, {"name": "51377", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51377"}, {"name": "openSUSE-SU-2013:0150", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"}, {"name": "https://savannah.nongnu.org/bugs/?37704", "refsource": "CONFIRM", "url": "https://savannah.nongnu.org/bugs/?37704"}, {"name": "[oss-security] 20121112 Re: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/11/12/2"}, {"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330", "refsource": "CONFIRM", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330"}, {"name": "openSUSE-SU-2012:1580", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"}, {"name": "FEDORA-2012-17950", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092228.html"}, {"name": "http://weechat.org/security/", "refsource": "CONFIRM", "url": "http://weechat.org/security/"}, {"name": "MDVSA-2013:136", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"}, {"name": "FEDORA-2012-18006", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092490.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:21:27.375Z"}, "title": "CVE Program Container", "references": [{"name": "87279", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/87279"}, {"name": "56482", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/56482"}, {"name": "FEDORA-2012-17973", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092536.html"}, {"name": "51377", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51377"}, {"name": "openSUSE-SU-2013:0150", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://savannah.nongnu.org/bugs/?37704"}, {"name": "[oss-security] 20121112 Re: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/11/12/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330"}, {"name": "openSUSE-SU-2012:1580", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"}, {"name": "FEDORA-2012-17950", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092228.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://weechat.org/security/"}, {"name": "MDVSA-2013:136", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"}, {"name": "FEDORA-2012-18006", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092490.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5854", "datePublished": "2012-11-19T11:00:00", "dateReserved": "2012-11-12T00:00:00", "dateUpdated": "2024-08-06T21:21:27.375Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flashtux:weechat:0.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "E94ADDFF-60D3-4303-97F4-D30AA5A0793C", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "7563DBA9-9103-4EE0-A7B6-9C477C736755", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B1FAB4CE-F55B-463C-83D4-BFC4480CB0AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "F80580A7-CFEC-4635-BB41-0DE89DDFD322", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en weechat v0.3.6 a hasta v0.3.9 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda o bloqueo) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de colores IRC hechos a mano que no est\u00e1n debidamente decodificados."}], "id": "CVE-2012-5854", "lastModified": "2014-02-07T04:43:45.867", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-11-19T12:10:54.417", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092228.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092490.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092536.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/87279"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/51377"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://weechat.org/security/"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/11/12/2"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/56482"}, {"source": "cve@mitre.org", "url": "https://savannah.nongnu.org/bugs/?37704"}, {"source": "cve@mitre.org", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}