weechat CVE Vulnerabilities & Metrics

Focus on weechat vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About weechat Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with weechat. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total weechat CVEs: 7
Earliest CVE date: 23 Apr 2017, 15:59 UTC
Latest CVE date: 10 Nov 2024, 21:15 UTC

Latest CVE reference: CVE-2024-46613

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical weechat CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.86

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range       Count
0.0-3.9     1
4.0-6.9     4
7.0-8.9     2
9.0-10.0    0

CVSS Distribution Chart

Top 5 Highest CVSS weechat CVEs

These are the five CVEs with the highest CVSS scores for weechat, sorted by severity first, then by recency.

All CVEs for weechat

CVE-2024-46613 weechat vulnerability CVSS: 0 10 Nov 2024, 21:15 UTC

WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared, string_free_split, string_free_split_command, and string_free_split_tags.

CVE-2022-28352 weechat vulnerability CVSS: 4.0 02 Apr 2022, 17:15 UTC

WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart.

CVE-2021-40516 weechat vulnerability CVSS: 5.0 05 Sep 2021, 18:15 UTC

WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that triggers an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.

CVE-2020-9760 weechat vulnerability CVSS: 7.5 23 Mar 2020, 16:15 UTC

An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.

CVE-2020-8955 weechat vulnerability CVSS: 7.5 12 Feb 2020, 22:15 UTC

irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).

CVE-2017-14727 weechat vulnerability CVSS: 5.0 23 Sep 2017, 20:29 UTC

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.

CVE-2017-8073 weechat vulnerability CVSS: 5.0 23 Apr 2017, 15:59 UTC

WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.