| Name | CVE-2024-46613 |
| Description | WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared , string_free_split, string_free_split_command, and string_free_split_tags. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1081942 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| weechat (PTS) | jessie, jessie (lts) | 1.0.1-1+deb8u4 | vulnerable |
| stretch (security), stretch (lts), stretch | 1.6-1+deb9u3 | vulnerable | |
| buster | 2.3-1+deb10u1 | vulnerable | |
| bullseye | 3.0-1+deb11u1 | vulnerable | |
| bookworm | 3.8-1 | vulnerable | |
| sid, trixie | 4.4.3-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| weechat | source | jessie | (unfixed) | end-of-life | ||
| weechat | source | stretch | (unfixed) | end-of-life | ||
| weechat | source | buster | (unfixed) | end-of-life | ||
| weechat | source | (unstable) | 4.4.2-1 | 1081942 |
[bookworm] - weechat <no-dsa> (Minor issue)
[bullseye] - weechat <postponed> (Minor issue)
https://weechat.org/doc/weechat/security/WSA-2024-1/
https://github.com/weechat/weechat/issues/2178
https://github.com/weechat/weechat/commit/315f769ab25643cf501a4bf8deb8025d92654303
https://github.com/weechat/weechat/commit/5564baf424d847144f13ee50f0988e4f3407e638
https://github.com/weechat/weechat/commit/62d0347d4bdee63694354184611b0b6af5028ff2
https://github.com/weechat/weechat/commit/970f20af31cbcce02a99368eb633e8c4082dfe64
https://github.com/weechat/weechat/commit/9aa0a94156c7cc367d52c31e60d8b03239d4dbd4