CVE-2012-5534

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2012-5534

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2012-5534.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2012-5534

Downstream

DEBIAN-CVE-2012-5534

DSA-2598-1

Published

2012-12-03T21:55:01Z

Modified

2026-04-10T03:44:19.730621Z

Summary

[none]

Details

The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."

References

http://secunia.com/advisories/51294
http://secunia.com/advisories/51377
http://weechat.org/security/
http://www.mandriva.com/security/advisories?name=MDVSA-2013:136
http://weechat.org/security/
http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commitdiff_plain%3Bh=efb795c74fe954b9544074aafcebb1be4452b03a
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093260.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093495.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093516.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html
http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html
http://www.openwall.com/lists/oss-security/2012/11/19/4
http://www.securityfocus.com/bid/56584
https://savannah.nongnu.org/bugs/?37764
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347

CVE-2012-5534

Affected packages