WeeChat Color Decoding Heap Buffer Overflow Vulnerability

WeeChat is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

WeeChat versions 0.3.6 through 0.3.9 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus