CVE-2020-9760

An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
weechatweechat
0.3.4 ≤
𝑥
< 2.7.1
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
weechat
bullseye
3.0-1+deb11u1
fixed
bookworm
3.8-1
fixed
sid
4.4.2-1
fixed
trixie
4.4.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
weechat
lunar
not-affected
kinetic
ignored
jammy
not-affected
impish
ignored
hirsute
ignored
groovy
ignored
focal
not-affected
eoan
ignored
bionic
Fixed 1.9.1-1ubuntu1+esm1
released
xenial
Fixed 1.4-2ubuntu0.1+esm1
released
trusty
dne