Bug 1167514 - (CVE-2020-9760) VUL-0: CVE-2020-9760: weechat: When a new IRC message 005 is received with longer nick prefixes a buffer overflow can happen
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.1
Priority: P3 - Medium
Severity: Minor
Assigned To: Maximilian Trummer
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/255641/
Reported: 2020-03-24 07:49 UTC by Robert Frohl
Modified: 2022-03-14 16:22 UTC
Found By: Security Response Team
Description Robert Frohl 2020-03-24 07:49:08 UTC
CVE-2020-9760

An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected).
When a new IRC message 005 is received with longer nick prefixes, a buffer
overflow and possibly a crash can happen when a new mode is set for a nick.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9760
https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9760
https://weechat.org/doc/security/
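
The class of bug described above, as an added C sketch that is not WeeChat's code and not part of this report: a per-nick prefix buffer is sized from the PREFIX list known when the nick is created, so a later 005 with a longer list makes the index computed from the new list exceed the old allocation. All struct and function names and the sample PREFIX tokens are constructed assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model with hypothetical names; not WeeChat's code. */
struct server { char prefix_chars[32]; };      /* e.g. "@+" from PREFIX=(ov)@+ */
struct nick   { char *prefixes; size_t cap; }; /* one slot per server prefix */

/* Parse a 005 "PREFIX=(modes)chars" token; returns prefix count, -1 if malformed. */
int parse_prefix_token(struct server *s, const char *tok)
{
    const char *rp = strncmp(tok, "PREFIX=(", 8) == 0 ? strchr(tok + 8, ')') : NULL;
    if (!rp) return -1;
    size_t n_modes = (size_t)(rp - (tok + 8)), n_chars = strlen(rp + 1);
    /* modes and prefix chars must pair up and fit the fixed server field */
    if (n_modes != n_chars || n_chars >= sizeof s->prefix_chars) return -1;
    memcpy(s->prefix_chars, rp + 1, n_chars + 1);
    return (int)n_chars;
}

/* Make the per-nick buffer hold `need` slots, padding new slots with spaces. */
static int nick_fit(struct nick *n, size_t need)
{
    if (n->prefixes && need <= n->cap) return 0;
    char *grown = realloc(n->prefixes, need + 1);
    if (!grown) return -1;
    memset(grown + n->cap, ' ', need - n->cap);
    grown[need] = '\0';
    n->prefixes = grown; n->cap = need;
    return 0;
}

/* Size the buffer from the prefix list known when the nick is created. */
int nick_init(struct nick *n, const struct server *s)
{
    n->prefixes = NULL; n->cap = 0;
    return nick_fit(n, strlen(s->prefix_chars));
}

/* Set one prefix. Without the nick_fit() call, the write below would index a
 * buffer sized for the old, shorter list using a position from the new list. */
int nick_set_prefix(struct nick *n, const struct server *s, char c)
{
    const char *p = strchr(s->prefix_chars, c);
    if (!p || !c || nick_fit(n, strlen(s->prefix_chars)) != 0) return -1;
    n->prefixes[p - s->prefix_chars] = c;
    return 0;
}
```
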
Comment 1 Andreas Stieger 2022-03-14 16:22:38 UTC
Leap 15.3 has 2.8. Others are discontinued. Closing