CVE-2024-46613

WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared , string_free_split, string_free_split_command, and string_free_split_tags.
References
Link Resource
https://github.com/weechat/weechat/issues/2178 Issue Tracking Third Party Advisory
https://weechat.org/doc/weechat/security/WSA-2024-1/ Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:weechat:weechat:*:*:*:*:*:*:*:*

History

14 Nov 2024, 14:55

Type Values Removed Values Added
CPE cpe:2.3:a:weechat:weechat:*:*:*:*:*:*:*:*
First Time Weechat
Weechat weechat
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-190
References () https://github.com/weechat/weechat/issues/2178 - () https://github.com/weechat/weechat/issues/2178 - Issue Tracking, Third Party Advisory
References () https://weechat.org/doc/weechat/security/WSA-2024-1/ - () https://weechat.org/doc/weechat/security/WSA-2024-1/ - Vendor Advisory

12 Nov 2024, 13:55

Type Values Removed Values Added
Summary
  • (es) En las versiones anteriores a la versión 4.4.2 de WeeChat se produce un desbordamiento de enteros y un desbordamiento de búfer resultante en core/core-string.c cuando hay más de dos mil millones de elementos en una lista. Esto afecta a string_free_split_shared, string_free_split, string_free_split_command y string_free_split_tags.

10 Nov 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-10 21:15

Updated : 2024-11-19 21:35


NVD link : CVE-2024-46613

Mitre link : CVE-2024-46613

CVE.ORG link : CVE-2024-46613


JSON object : View

Products Affected

weechat

  • weechat
CWE
CWE-190

Integer Overflow or Wraparound