[3.2] weechat: Buffer overflow in the irc_ctcp_dcc_filename_without_quotes function (CVE-2017-8073)
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC
to the IRC plugin. This occurs in the
irc_ctcp_dcc_filename_without_quotes function during quote removal,
with a buffer overflow.
References:
https://weechat.org/download/security/
Patch:
https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b
(from redmine: issue id 7198, created on 2017-04-25, closed on 2017-04-25)
- Relations:
- parent #7194 (closed)
- Changesets:
- Revision fab6af54 on 2017-04-25T09:59:49Z:
main/weechat: security fixes #7198 (CVE-2017-8073)