{"id":"UBUNTU-CVE-2017-8073","details":"WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.","modified":"2026-04-22T12:33:58.616510Z","published":"2017-04-23T15:59:00Z","upstream":["CVE-2017-8073"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-8073"},{"type":"REPORT","url":"https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b"},{"type":"REPORT","url":"https://weechat.org/download/security/"},{"type":"REPORT","url":"https://weechat.org/news/95/20170422-Version-1.7.1/"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2017-8073"}],"affected":[{"package":{"name":"weechat","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/weechat@0.4.2-3ubuntu0.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.2-3ubuntu0.1"}]}],"versions":["0.4.1-2","0.4.2-2ubuntu1","0.4.2-3"],"ecosystem_specific":{"binaries":[{"binary_version":"0.4.2-3ubuntu0.1","binary_name":"weechat"},{"binary_version":"0.4.2-3ubuntu0.1","binary_name":"weechat-core"},{"binary_version":"0.4.2-3ubuntu0.1","binary_name":"weechat-curses"},{"binary_version":"0.4.2-3ubuntu0.1","binary_name":"weechat-plugins"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-8073.json"}},{"package":{"name":"weechat","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/weechat@1.4-2ubuntu0.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4-2ubuntu0.1"}]}],"versions":["1.3-1","1.3-1build1","1.4-1","1.4-1build1","1.4-1build2","1.4-2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.4-2ubuntu0.1","binary_name":"weechat"},{"binary_version":"1.4-2ubuntu0.1","binary_name":"weechat-core"},{"binary_version":"1.4-2ubuntu0.1","binary_name":"weechat-curses"},{"binary_version":"1.4-2ubuntu0.1","binary_name":"weechat-plugins"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-8073.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}