{"id":"CVE-2021-40516","details":"WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.","modified":"2026-04-16T04:36:15.004696660Z","published":"2021-09-05T18:15:07.260Z","related":["openSUSE-SU-2022:0083-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html"},{"type":"FIX","url":"https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b"},{"type":"FIX","url":"https://weechat.org/doc/security/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/weechat/weechat","events":[{"introduced":"ba5664a019508347af517ace0f04ee32d4055216"},{"fixed":"3e180a3c9082cf214efa72935184861b8f8a8540"},{"fixed":"8b1331f98de1714bae15a9ca2e2b393ba49d735b"}],"database_specific":{"versions":[{"introduced":"0.4.1"},{"fixed":"3.2.1"}]}}],"versions":["v0.4.1","v0.4.2","v0.4.2-rc1","v0.4.2-rc2","v0.4.3","v0.4.3-rc1","v0.4.3-rc2","v1.0","v1.0-rc1","v1.0-rc2","v1.0-rc3","v1.1","v1.1-rc1","v1.1-rc2","v1.2","v1.2-rc1","v1.2-rc2","v1.3","v1.3-rc1","v1.3-rc2","v1.4","v1.4-rc1","v1.4-rc2","v1.5","v1.5-rc1","v1.5-rc2","v1.6","v1.6-rc1","v1.6-rc2","v1.7","v1.7-rc1","v1.7-rc2","v1.8","v1.8-rc1","v1.9","v1.9-rc1","v1.9-rc2","v2.0","v2.0-rc1","v2.1","v2.1-rc1","v2.2","v2.2-rc1","v2.2-rc2","v2.3","v2.3-rc1","v2.4","v2.4-rc1","v2.5","v2.5-rc1","v2.5-rc2","v2.6","v2.6-rc1","v2.6-rc2","v2.7","v2.7-rc1","v2.8","v2.8-rc1","v2.9","v2.9-rc1","v3.0","v3.0-rc1","v3.1","v3.1-rc1","v3.2","v3.2-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40516.json","vanir_signatures_modified":"2026-04-11T21:23:21Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"vanir_signatures":[{"signature_version":"v1","source":"https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b","digest":{"length":1292,"function_hash":"90984801403705773734291904413682159646"},"id":"CVE-2021-40516-353cee5b","signature_type":"Function","deprecated":false,"target":{"file":"src/plugins/relay/relay-websocket.c","function":"relay_websocket_decode_frame"}},{"signature_version":"v1","target":{"file":"src/plugins/relay/relay-websocket.c"},"digest":{"line_hashes":["185022148163257089434961016404046252569","184744754322552087026858270309936591790","191183726525295947973913069477825404381","68668294676952027065538799851858869832","60044029408785289657743013144701600498","53318637778942654248644030389717365042","53534688126527754786968734116397354900","140022038909199881189320215257515401726","268943608237821586650034687314187702877","285334332598187027351225037205398649593","255007784547851831597708940877279823122","173371007676917502685001025229199806348","226270972019004488545873450194490022194","324481065871207876708782365308912011591","11404280253700365656450875383320078459","114194268252433711824331716049407082525","137109977297919328510141836220320587523","242376844075321787239986594644343304784","316063017631408290107575463454114821044","142928069766618059012610996476402069099"],"threshold":0.9},"id":"CVE-2021-40516-f0fe135d","signature_type":"Line","deprecated":false,"source":"https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}