About “WeeChat”

A curated feed of “WeeChat”-related CVEs appears below. We currently track 12 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 7.4 (all time), and 67% are rated High/Critical (all time). Top CWEs (all time): CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-20 - Improper Input Validation, CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow').

In our taxonomy this topic maps to a LOW impact class. Network services expose protocol parsers and daemons. Patch, restrict to trusted segments, validate inputs, and apply rate limiting. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: weechat

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

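| Cycle | Release | Latest | EOL | LTS |
|-------|---------|--------|-----|-----|
| 4.9 | | 4.9.1 | - | |
| 4.8 | | 4.8.2 | Expired | |
| 4.7 | | 4.7.2 | Expired | |
| 4.6 | | 4.6.3 | Expired | |
| 4.5 | | 4.5.2 | Expired | |
| 4.4 | | 4.4.4 | Expired | |
| 4.3 | | 4.3.6 | Expired | |
| 4.2 | | 4.2.3 | Expired | |
| 4.1 | | 4.1.3 | Expired | |
| 4.0 | | 4.0.8 | Expired | |
| 3.8 | | 3.8 | Expired | |
| 3.7 | | 3.7.1 | Expired | |
| 3.6 | | 3.6 | Expired | |
| 3.5 | | 3.5 | Expired | |
| 3.4 | | 3.4.1 | Expired | |
| 3.3 | | 3.3 | Expired | |
| 3.2 | | 3.2.1 | Expired | |
| 3.1 | | 3.1 | Expired | |
| 3.0 | | 3.0.1 | Expired | |
| 2.9 | | 2.9 | Expired | |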

CVEs tagged with this topic.

2024-11-10
Critical

CVE-2024-46613

WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared, string_f…

2022-04-02
Medium

CVE-2022-28352

WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-m…

2021-09-05
High

CVE-2021-40516

WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that triggers an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plug…

2020-03-23
Critical

CVE-2020-9760

An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a…

2020-02-12
Critical

CVE-2020-8955

irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified othe…

2017-09-23
High

CVE-2017-14727

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.

2017-04-23
High

CVE-2017-8073

WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overfl…

2012-12-03
High

CVE-2012-5534

The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "sh…

2012-11-19
High

CVE-2012-5854

Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not…

2011-03-16
Medium

CVE-2011-1428

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in…

2009-03-19
Medium

CVE-2009-0661

Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds…

2007-08-18
Medium

CVE-2007-4398

Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in…
