CVE-2020-9760

An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.
Configurations

Configuration 1 (hide)

cpe:2.3:a:weechat:weechat:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

21 Nov 2024, 05:41

Type Values Removed Values Added
References () https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f - Patch, Third Party Advisory () https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f - Patch, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html - Mailing List, Third Party Advisory
References () https://security.gentoo.org/glsa/202003-51 - Third Party Advisory () https://security.gentoo.org/glsa/202003-51 - Third Party Advisory
References () https://weechat.org/doc/security/ - Vendor Advisory () https://weechat.org/doc/security/ - Vendor Advisory

01 Apr 2022, 15:39

Type Values Removed Values Added
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html - Mailing List, Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202003-51 - (GENTOO) https://security.gentoo.org/glsa/202003-51 - Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

30 Sep 2021, 14:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html -

Information

Published : 2020-03-23 16:15

Updated : 2024-11-21 05:41


NVD link : CVE-2020-9760

Mitre link : CVE-2020-9760

CVE.ORG link : CVE-2020-9760


JSON object : View

Products Affected

debian

  • debian_linux

weechat

  • weechat
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')