CVE-2020-9760

EUVD-2020-30539
An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
weechatweechat
0.3.4 ≤
𝑥
< 2.7.1
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
weechat
bookworm
3.8-1
fixed
bullseye
3.0-1+deb11u1
fixed
sid
4.4.2-1
fixed
trixie
4.4.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
weechat
bionic
Fixed 1.9.1-1ubuntu1+esm1
released
eoan
ignored
focal
not-affected
groovy
ignored
hirsute
ignored
impish
ignored
jammy
not-affected
kinetic
ignored
lunar
not-affected
trusty
dne
xenial
Fixed 1.4-2ubuntu0.1+esm1
released
Common Weakness Enumeration
References
https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f
https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html
https://security.gentoo.org/glsa/202003-51
https://weechat.org/doc/security/
https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f
https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html
https://security.gentoo.org/glsa/202003-51
https://weechat.org/doc/security/