CVE-2007-4398

Name of the Vulnerable Software and Affected Versions WeeChat (affected versions not specified)

Description The issue concerns CRLF injection vulnerabilities in certain scripts for WeeChat, specifically now-playing.rb and xmms.pl version 1.1. These vulnerabilities allow user-assisted remote attackers to execute arbitrary IRC commands by injecting CRLF sequences into the name of a song in an .mp3 file.

Recommendations For WeeChat, consider disabling the now-playing.rb and xmms.pl scripts until a patch is available to prevent exploitation of the CRLF injection vulnerabilities. Restrict access to these scripts to minimize the risk of executing arbitrary IRC commands. Avoid using .mp3 files with malicious song names in the affected scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.