{"id":"CVE-2021-40516","details":"WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.","modified":"2026-05-30T18:22:27.266809Z","published":"2021-09-05T18:15:07.260Z","related":["openSUSE-SU-2022:0083-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"weechat:weechat","source":"CPE_RANGE","extracted_events":[{"introduced":"0.4.1"},{"fixed":"3.2.1"}],"cpes":["cpe:2.3:a:weechat:weechat:*:*:*:*:*:*:*:*"]},{"vendor_product":"debian:debian_linux","source":"CPE_STRING","extracted_events":[{"last_affected":"10.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]},{"source":"DESCRIPTION","extracted_events":[{"fixed":"3.2.1"}]}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html"},{"type":"FIX","url":"https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b"},{"type":"FIX","url":"https://weechat.org/doc/security/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/weechat/weechat","events":[{"introduced":"0"},{"fixed":"8b1331f98de1714bae15a9ca2e2b393ba49d735b"}],"database_specific":{"source":"REFERENCES"}}],"versions":["v2.3","v3.2","v3.2-rc1","v3.1","v3.1-rc1","v3.0","v3.0-rc1","v2.9","v2.9-rc1","v2.8","v2.8-rc1","v2.7","v2.7-rc1","v2.6","v2.6-rc2","v2.6-rc1","v2.5","v2.5-rc2","v2.5-rc1","v2.4","v2.4-rc1","v2.3-rc1","v2.2","v2.2-rc2","v2.2-rc1","v2.1","v2.1-rc1","v2.0","v2.0-rc1","v1.9","v1.9-rc2","v1.9-rc1","v1.8","v1.8-rc1","v1.7","v1.7-rc2","v1.7-rc1","v1.6","v1.6-rc2","v1.6-rc1","v1.5","v1.5-rc2","v1.5-rc1","v1.4","v1.4-rc2","v1.4-rc1","v1.3","v1.3-rc2","v1.3-rc1","v1.2","v1.2-rc2","v1.2-rc1","v1.1","v1.1-rc2","v1.1-rc1","v1.0","v1.0-rc3","v1.0-rc2","v1.0-rc1","v0.4.3","v0.0.1","release-0-0-1","v0.4.3-rc2","v0.4.3-rc1","v0.4.2","v0.4.2-rc2","v0.4.2-rc1","v0.4.1","v0.4.1-rc2","v0.4.1-rc1","v0.4.0","v0.4.0-rc3","v0.4.0-rc2","v0.4.0-rc1","v0.3.9","v0.3.9-rc2","v0.3.9-rc1","v0.3.8","v0.3.8-rc2","v0.3.8-rc1","v0.3.7","v0.3.7-rc3","v0.3.7-rc2","v0.3.7-rc1","v0.3.6","v0.3.6-rc3","v0.3.6-rc2","v0.3.6-rc1","v0.3.5","v0.3.5-rc3","v0.3.5-rc2","v0.3.5-rc1","v0.3.4","v0.3.4-rc3","v0.3.4-rc2","v0.3.4-rc1","v0.3.3","v0.3.3-rc3","v0.3.3-rc2","v0.3.3-rc1","v0.3.2","v0.3.2-rc1","v0.3.1","v0.3.0","v0.3.0-rc3","v0.3.0-rc2","v0.3.0-rc1","v0.2.6","v0.2.5","release-0-2-5","v0.2.4","release-0-2-4","v0.2.3","release-0-2-3","v0.2.2","release-0-2-2","v0.2.1","release-0-2-1","v0.2.0","release-0-2-0","v0.1.9","release-0-1-9","v0.1.8","release-0-1-8","v0.1.7","release-0-1-7","v0.1.6","release-0-1-6","v0.1.5","release-0-1-5","v0.1.4","release-0-1-4","v0.1.3","release-0-1-3","v0.1.2","release-0-1-2","v0.1.1","release-0-1-1","v0.1.0","release-0-1-0","v0.0.9","release-0-0-9","v0.0.8","release-0-0-8","v0.0.7","release-0-0-7","v0.0.6","release-0-0-6","v0.0.5","release-0-0-5","v0.0.4","release-0-0-4","v0.0.3","release-0-0-3","v0.0.2","release-0-0-2"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","source":"https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b","signature_type":"Function","digest":{"length":1292,"function_hash":"90984801403705773734291904413682159646"},"id":"CVE-2021-40516-353cee5b","deprecated":false,"target":{"function":"relay_websocket_decode_frame","file":"src/plugins/relay/relay-websocket.c"}},{"signature_version":"v1","source":"https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["185022148163257089434961016404046252569","184744754322552087026858270309936591790","191183726525295947973913069477825404381","68668294676952027065538799851858869832","60044029408785289657743013144701600498","53318637778942654248644030389717365042","53534688126527754786968734116397354900","140022038909199881189320215257515401726","268943608237821586650034687314187702877","285334332598187027351225037205398649593","255007784547851831597708940877279823122","173371007676917502685001025229199806348","226270972019004488545873450194490022194","324481065871207876708782365308912011591","11404280253700365656450875383320078459","114194268252433711824331716049407082525","137109977297919328510141836220320587523","242376844075321787239986594644343304784","316063017631408290107575463454114821044","142928069766618059012610996476402069099"]},"id":"CVE-2021-40516-f0fe135d","deprecated":false,"target":{"file":"src/plugins/relay/relay-websocket.c"}}],"vanir_signatures_modified":"2026-05-30T18:22:27Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-40516.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}