PT-2024-32077 · Weechat+1 · Weechat+1
Yiheng Cao
·
Published
2024-11-10
·
Updated
2025-02-05
·
CVE-2024-46613
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WeeChat versions prior to 4.4.2
Description
The issue is caused by an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects functions such as
string free split shared, string free split, string free split command, and string free split tags.Recommendations
For WeeChat versions prior to 4.4.2, update to version 4.4.2 or later to resolve the issue. As a temporary workaround, consider limiting the number of items in a list to prevent the integer overflow.
Fix
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Weechat