Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2012-5854
Last Modified 06 Feb 2014 11:43:45
Published 19 Nov 2012 07:10:54
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5854

Summary

Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded.

Vulnerable Systems

Application

  • Flashtux Weechat 0.3.6

  • Flashtux Weechat 0.3.7

  • Flashtux Weechat 0.3.8

  • Flashtux Weechat 0.3.9


References

CONFIRM - https://savannah.nongnu.org/bugs/?37704

BID - 56482

MLIST - [oss-security] 20121112 Re: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings

CONFIRM - http://weechat.org/security/

OSVDB - 87279

FEDORA - FEDORA-2012-17950

SUSE - openSUSE-SU-2012:1580

SUSE - openSUSE-SU-2013:0150

SECUNIA - 51377

FEDORA - FEDORA-2012-17973

FEDORA - FEDORA-2012-18006

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330

MANDRIVA - MDVSA-2013:136


Last Updated: 27 May 2016 10:55:05