CVE-2020-9760

CVE-2020-9760

Name

CVE-2020-9760

Description

An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://weechat.org/doc/security/
Patch	https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f
MLIST	https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html
GENTOO	https://security.gentoo.org/glsa/202003-51
MLIST	https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html

Type

URI

Vendor Advisory

https://weechat.org/doc/security/

Patch

https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f

MLIST

https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html

GENTOO

https://security.gentoo.org/glsa/202003-51

MLIST

https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:weechat:weechat::::::::`	weechat	>= 0.3.4	< 2.7.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:weechat:weechat:*:*:*:*:*:*:*:*

weechat

>= 0.3.4

< 2.7.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
weechat	edge-community	1.9.1-r0	None	possibly vulnerable
weechat	edge-community	1.7.1-r0	None	possibly vulnerable
weechat	3.22-community	1.9.1-r0	None	possibly vulnerable
weechat	3.22-community	1.7.1-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

weechat

edge-community

1.9.1-r0

None

possibly vulnerable

weechat

edge-community