7.5

CVE-2012-5534

The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FlashtuxWeechat Version0.3.0
FlashtuxWeechat Version0.3.1
FlashtuxWeechat Version0.3.1.1
FlashtuxWeechat Version0.3.2
FlashtuxWeechat Version0.3.3
FlashtuxWeechat Version0.3.4
FlashtuxWeechat Version0.3.6
FlashtuxWeechat Version0.3.7
FlashtuxWeechat Version0.3.8
FlashtuxWeechat Version0.3.9
FlashtuxWeechat Version0.3.9.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.44% 0.902
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html
http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html
http://secunia.com/advisories/51377
http://weechat.org/security/
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:136
http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commitdiff_plain%3Bh=efb795c74fe954b9544074aafcebb1be4452b03a
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093260.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093495.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093516.html
http://secunia.com/advisories/51294
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/11/19/4
http://www.securityfocus.com/bid/56584
https://savannah.nongnu.org/bugs/?37764
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347