Bug 1167516 - (CVE-2020-9759) VUL-0: CVE-2020-9759: weechat: a malformed message 352 (who) can cause a NULL pointer dereference
(CVE-2020-9759)
VUL-0: CVE-2020-9759: weechat: a malformed message 352 (who) can cause a NULL...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.1
Other Other
: P3 - Medium : Minor (vote)
: ---
Assigned To: Maximilian Trummer
Security Team bot
https://smash.suse.de/issue/255640/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-03-24 07:55 UTC by Robert Frohl
Modified: 2022-03-14 16:25 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2020-03-24 07:55:07 UTC
CVE-2020-9759

An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A
malformed message 352 (who) can cause a NULL pointer dereference in the callback
function, resulting in a crash.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9759
https://github.com/weechat/weechat/commit/9904cb6d2eb40f679d8ff6557c22d53a3e3dc75a
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9759
https://weechat.org/doc/security/
Comment 1 Andreas Stieger 2022-03-14 16:25:40 UTC
Leap 15.3 has 2.8, others are discontinued.