Stuart Nevans Locke

**Name of the Vulnerable Software and Affected Versions** WeeChat versions prior to 3.2.1 **Description** The issue allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that triggers an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin. **Recommendations** For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider disabling the Relay plugin until a patch is available. Restrict access to the `relay-websocket.c` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WeeChat versions through 2.7 **Description** The issue allows remote attackers to cause a denial of service, resulting in a buffer overflow and application crash, or possibly have other unspecified impacts via a malformed IRC message 324, which is related to channel mode. **Recommendations** For WeeChat versions through 2.7, update to a version later than 2.7 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.