Vulnerability Description
An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| WeeChat | WeeChat | >= 0.3.4, < 2.7.1 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca919 (Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html (Mailing List, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html (Mailing List, Third Party Advisory)
- https://security.gentoo.org/glsa/202003-51 (Third Party Advisory)
- https://weechat.org/doc/security/ (Vendor Advisory)
FAQ
What is CVE-2020-9760?
CVE-2020-9760 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a ...
How severe is CVE-2020-9760?
CVE-2020-9760 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-9760?
Check the references section above for vendor advisories and patch information. Affected products include WeeChat (vendor: WeeChat) and Debian Linux (vendor: Debian).