CVE-2017-14727

Name: CVE-2017-14727
Creator: NVD / NIST
Published: 2017-09-23T20:29:00.577+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.84%

Last modified Jun 17, 2026

CVE-2017-14727 is a vulnerability of currently unknown severity. logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.. EPSS estimates a 2.84% chance of exploitation in the next 30 days.

Description

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.

Metrics

EPSS Probability

2.84%

84.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Weechat	Logger	All versions

References

http://www.securityfocus.com/bid/101003Third Party Advisory, VDB Entry
https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556Patch, Third Party Advisory
https://weechat.org/download/security/Vendor Advisory
https://weechat.org/news/98/20170923-Version-1.9.1-security-release/Release Notes, Vendor Advisory
http://www.securityfocus.com/bid/101003Third Party Advisory, VDB Entry
https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556Patch, Third Party Advisory
https://weechat.org/download/security/Vendor Advisory
https://weechat.org/news/98/20170923-Version-1.9.1-security-release/Release Notes, Vendor Advisory

Timeline

Published: Sep 23, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-14727?

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.

How severe is CVE-2017-14727?

Severity scoring for CVE-2017-14727 is pending analysis. The EPSS model estimates a 2.84% probability of exploitation in the next 30 days.

How do I fix CVE-2017-14727?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-14727?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST