VDB
CVE-2012-5534
CVE-2012-5534
PUBLISHED
CVSS 7.5 HIGH
The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."
EPSS 1.97% · 83.9th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
1.97%
83.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| flashtux | weechat | 0.3.1, 0.3.2, 0.3.4 |
| n/a | n/a | n/a |
Timeline
- Dec 3, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commitdiff_plain%3Bh=efb795c74fe954b9544074aafcebb1be4452b03a url
- 51294 third-party-advisory
- 51377 third-party-advisory
- openSUSE-SU-2013:0150 vendor-advisory
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347 url
- openSUSE-SU-2012:1580 vendor-advisory
- 56584 vdb
- FEDORA-2012-18575 vendor-advisory
- http://weechat.org/security/ url
- FEDORA-2012-18526 vendor-advisory
- [oss-security] 20121119 Re: Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1] mailing-list
- https://savannah.nongnu.org/bugs/?37764 url
- MDVSA-2013:136 vendor-advisory
- FEDORA-2012-18494 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2012-5534 advisory
- http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commitdiff_plain;h=efb795c74fe954b9544074aafcebb1be4452b03a url
- http://weechat.org/security url