CVE-2017-8073 - OpenCVE

WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Weechat	Weechat

Configuration 1 [-]

cpe:2.3:a:weechat:weechat:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.debian.org/security/2017/dsa-3836
http://www.securityfocus.com/bid/97987
https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ASRTCQFFDAAK347URWNDH6NSED2BGNY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER23GT23US5JXDLUZAMGMWXKZ74MI4S2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3LAJTLI3LWZRNCFYJ7PCBBTHUMCCBHH/
https://weechat.org/download/security/
https://weechat.org/news/95/20170422-Version-1.7.1/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-04-23T15:00:00

Updated: 2024-08-05T16:27:21.389Z

Reserved: 2017-04-23T00:00:00

Link: CVE-2017-8073

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-04-23T15:59:00.200

Modified: 2023-11-07T02:50:21.917

Link: CVE-2017-8073

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-04-23T00:00:00", "descriptions": [{"lang": "en", "value": "WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-30T01:06:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "97987", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97987"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://weechat.org/download/security/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://weechat.org/news/95/20170422-Version-1.7.1/"}, {"name": "DSA-3836", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3836"}, {"name": "FEDORA-2020-4d232b48b8", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ASRTCQFFDAAK347URWNDH6NSED2BGNY/"}, {"name": "FEDORA-2020-db890b4800", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER23GT23US5JXDLUZAMGMWXKZ74MI4S2/"}, {"name": "FEDORA-2020-d242130019", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3LAJTLI3LWZRNCFYJ7PCBBTHUMCCBHH/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8073", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "97987", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97987"}, {"name": "https://weechat.org/download/security/", "refsource": "CONFIRM", "url": "https://weechat.org/download/security/"}, {"name": "https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b", "refsource": "CONFIRM", "url": "https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b"}, {"name": "https://weechat.org/news/95/20170422-Version-1.7.1/", "refsource": "CONFIRM", "url": "https://weechat.org/news/95/20170422-Version-1.7.1/"}, {"name": "DSA-3836", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3836"}, {"name": "FEDORA-2020-4d232b48b8", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ASRTCQFFDAAK347URWNDH6NSED2BGNY/"}, {"name": "FEDORA-2020-db890b4800", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER23GT23US5JXDLUZAMGMWXKZ74MI4S2/"}, {"name": "FEDORA-2020-d242130019", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3LAJTLI3LWZRNCFYJ7PCBBTHUMCCBHH/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:27:21.389Z"}, "title": "CVE Program Container", "references": [{"name": "97987", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97987"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://weechat.org/download/security/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://weechat.org/news/95/20170422-Version-1.7.1/"}, {"name": "DSA-3836", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3836"}, {"name": "FEDORA-2020-4d232b48b8", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ASRTCQFFDAAK347URWNDH6NSED2BGNY/"}, {"name": "FEDORA-2020-db890b4800", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER23GT23US5JXDLUZAMGMWXKZ74MI4S2/"}, {"name": "FEDORA-2020-d242130019", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3LAJTLI3LWZRNCFYJ7PCBBTHUMCCBHH/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8073", "datePublished": "2017-04-23T15:00:00", "dateReserved": "2017-04-23T00:00:00", "dateUpdated": "2024-08-05T16:27:21.389Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:weechat:weechat:*:*:*:*:*:*:*:*", "matchCriteriaId": "34C2B09C-F044-4A5B-9512-B370B5C1E8FB", "versionEndExcluding": "1.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow."}, {"lang": "es", "value": "WeeChat en versiones anteriores a 1.7.1 permite una ca\u00edda remota a trav\u00e9s del envio de un nombre de archivo a trav\u00e9s de DCC al plugin IRC. Esto ocurre en la funci\u00f3n irc_ctcp_dcc_filename_without_quotes durante la eliminaci\u00f3n de cotizaciones, con un desbordamiento de b\u00fafer."}], "id": "CVE-2017-8073", "lastModified": "2023-11-07T02:50:21.917", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-23T15:59:00.200", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3836"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97987"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ASRTCQFFDAAK347URWNDH6NSED2BGNY/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER23GT23US5JXDLUZAMGMWXKZ74MI4S2/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3LAJTLI3LWZRNCFYJ7PCBBTHUMCCBHH/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://weechat.org/download/security/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://weechat.org/news/95/20170422-Version-1.7.1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}