Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
WeeChat 信任管理问题漏洞
Vulnerability Description
WeeChat是一款可扩展的即时聊天客户端应用程序。 WeeChat 3.2版本至3.4版本存在安全漏洞,该漏洞源于没有正确验证服务器的TLS证书,在某些GnuTLS选项被更改后,攻击者可以通过任意证书来欺骗TLS聊天服务器。
CVSS Information
N/A
Vulnerability Type
N/A