CVE-2011-1428

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2011-1428

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2011-1428.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2011-1428

Related

Published

2011-03-16T22:55:04Z

Modified

2025-04-11T00:51:21Z

Summary

[none]

Details

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

References

Affected packages

Debian:11 / weechat

Package

Name: weechat
Purl: pkg:deb/debian/weechat?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / weechat

Package

Name: weechat
Purl: pkg:deb/debian/weechat?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / weechat

Package

Name: weechat
Purl: pkg:deb/debian/weechat?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}