CVE-2012-5534
WeeChat 0.3.0-0.3.9.1 - Remote Code Execution via Plugin Command Shell Expansion
Title source: llmDescription
The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."
References (14)
Core 14
Core References
Various Sources x_refsource_confirm
http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commitdiff_plain%3Bh=efb795c74fe954b9544074aafcebb1be4452b03a
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51294
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51377
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html
Third Party Advisory x_refsource_confirm
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/56584
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093516.html
Patch, Vendor Advisory x_refsource_confirm
http://weechat.org/security/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093495.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/11/19/4
Various Sources x_refsource_confirm
https://savannah.nongnu.org/bugs/?37764
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:136
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093260.html
Scores
EPSS
0.0444
EPSS Percentile
90.3%
Details
CWE
CWE-20
Status
published
Products (11)
flashtux/weechat
0.3.0
flashtux/weechat
0.3.1
flashtux/weechat
0.3.1.1
flashtux/weechat
0.3.2
flashtux/weechat
0.3.3
flashtux/weechat
0.3.4
flashtux/weechat
0.3.6
flashtux/weechat
0.3.7
flashtux/weechat
0.3.8
flashtux/weechat
0.3.9
... and 1 more
Published
Dec 03, 2012
Tracked Since
Feb 18, 2026