CVE-2022-28352

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-28352
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28352.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-28352
Downstream
Published
2022-04-02T17:15:07Z
Modified
2025-09-24T11:38:29.637319Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutlscasystem or weechat.network.gnutlscauser is changed without a WeeChat restart.

References

Affected packages

Git / github.com/weechat/weechat

Affected ranges

Type
GIT
Repo
https://github.com/weechat/weechat
Events
Introduced
70c09f1f5a4b317037330699d5cedfe96a54e05c
Fixed
e04047be68afc90491cfc2ed12a3ffc19a1decb4

Affected versions

v3.*

v3.2
v3.3
v3.3-rc1
v3.4
v3.4-rc1