FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-5854

This CVE name corresponds to:

Entered Topic
2012-11-10 weechat -- Crash or freeze when decoding IRC colors in strings

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-5854
Phase Assigned (20121112)

Description

Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded.

References

Source Reference
MLIST [oss-security] 20121112 Re: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings
CONFIRM http://weechat.org/security/
CONFIRM https://savannah.nongnu.org/bugs/?37704
CONFIRM https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330
FEDORA FEDORA-2012-17950
FEDORA FEDORA-2012-17973
FEDORA FEDORA-2012-18006
MANDRIVA MDVSA-2013:136
SUSE openSUSE-SU-2012:1580
SUSE openSUSE-SU-2013:0150
BID 56482
OSVDB 87279
SECUNIA 51377