CVE-2022-28352

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-28352
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28352.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-28352
Downstream
Published
2022-04-02T17:15:07Z
Modified
2025-09-24T03:11:35.046596Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutlscasystem or weechat.network.gnutlscauser is changed without a WeeChat restart.

References

Affected packages

Git / github.com/weechat/weechat

Affected ranges

Type
GIT
Repo
https://github.com/weechat/weechat
Events

Affected versions

v3.*

v3.2
v3.3
v3.3-rc1
v3.4
v3.4-rc1