CVE-2024-46613

Published: Nov 10, 2024Modified: Nov 19, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared , string_free_split, string_free_split_command, and string_free_split_tags.

Affected (1)

Products: Weechat: Weechat

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Weechat Weechat	From 0.1.6 to 4.4.2

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (2)

https://github.com/weechat/weechat/issues/2178

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://weechat.org/doc/weechat/security/WSA-2024-1/

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.