ALT-PU-2020-1694-1
Closed vulnerabilities
Published: 2020-02-13
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-8955
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2020:0248
- openSUSE-SU-2020:0248
- https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da
- https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da
- [debian-lts-announce] 20200324 [SECURITY] [DLA 2157-1] weechat security update
- [debian-lts-announce] 20200324 [SECURITY] [DLA 2157-1] weechat security update
- [debian-lts-announce] 20210930 [SECURITY] [DLA 2770-1] weechat security update
- [debian-lts-announce] 20210930 [SECURITY] [DLA 2770-1] weechat security update
- FEDORA-2020-4d232b48b8
- FEDORA-2020-4d232b48b8
- FEDORA-2020-db890b4800
- FEDORA-2020-db890b4800
- FEDORA-2020-d242130019
- FEDORA-2020-d242130019
- GLSA-202003-51
- GLSA-202003-51
- https://weechat.org/doc/security/
- https://weechat.org/doc/security/
Published: 2020-03-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-9760
An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f
- https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f
- [debian-lts-announce] 20200324 [SECURITY] [DLA 2157-1] weechat security update
- [debian-lts-announce] 20200324 [SECURITY] [DLA 2157-1] weechat security update
- [debian-lts-announce] 20210930 [SECURITY] [DLA 2770-1] weechat security update
- [debian-lts-announce] 20210930 [SECURITY] [DLA 2770-1] weechat security update
- GLSA-202003-51
- GLSA-202003-51
- https://weechat.org/doc/security/
- https://weechat.org/doc/security/