Flashcode

Rank: #17883 of 53,608
Total CVSS: 15
Vulnerabilities: 2 (High: 2)

PT-2012-6007
7.5
2012-12-03
Weechat · Weechat · CVE-2012-5534
**Name of the Vulnerable Software and Affected Versions**
WeeChat versions 0.3.0 through 0.3.9.1

**Description**
The issue allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to shell expansion, by exploiting the `hook process` function in the plugin API.

**Recommendations**
For WeeChat versions 0.3.0 through 0.3.9.1, consider disabling the `hook process` function until a patch is available to prevent exploitation. Restrict access to plugins that utilize the `hook process` function to minimize the risk of arbitrary command execution. Avoid using shell metacharacters in commands from plugins to reduce the risk of shell expansion issues.

PT-2012-6152
7.5
2012-11-19
Weechat · Weechat · CVE-2012-5854
**Name of the Vulnerable Software and Affected Versions**
WeeChat versions 0.3.6 through 0.3.9

**Description**
The issue is related to a heap-based buffer overflow that can be triggered by remote attackers sending crafted IRC colors that are not properly decoded, potentially leading to a denial of service or the execution of arbitrary code.

**Recommendations**
For WeeChat versions 0.3.6 through 0.3.9, update to a version that contains a fix for this issue.