Overview: 1 vulnerability

| WSA | CVE | Score | Severity | Issue | Scope | Vulnerability type | Versions | Fix | Release date |
|---|---|---|---|---|---|---|---|---|---|
| WSA-2020-2 | CVE-2020-9759 | 7.5 | high | Crash on malformed IRC message 352 (WHO). | IRC | Out-of-bounds read | 0.4.0 → 2.7 | 2.7.1 | |

WSA-2020-2: [IRC] Crash on malformed IRC message 352 (WHO).

Vulnerability
CVE
CVE-2020-9759
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS score
7.5 / 10
Severity
high
Vulnerability type
Out-of-bounds read
Scope
IRC
Affected versions
0.4.0 → 2.7
Fixed version
2.7.1
Tracker
Not available
Commits
Description
Crash when receiving a malformed IRC message 352 (WHO).
Mitigation
With WeeChat ≥ 1.1, you can create a trigger:

/trigger add fix_irc_352 modifier "irc_in_352" "${arguments} =~ .* \*$" "/.*//"

With any older version, there is no simple mitigation; you must upgrade WeeChat.
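A triage helper for the version ranges and trigger condition above, as an added example that is not part of the advisory or of WeeChat's code. The function names and result strings are hypothetical, and Python's `re.search` is assumed to model the trigger's `=~` operator.

```python
import re

# Version bounds taken from the advisory.
FIRST_AFFECTED = (0, 4, 0)
FIXED = (2, 7, 1)
TRIGGER_MIN = (1, 1, 0)  # the trigger mitigation needs WeeChat >= 1.1

# Condition of the fix_irc_352 trigger. Assumption: re.search stands in for
# WeeChat's "=~" operator, applied to the arguments of the 352 message.
TRIGGER_CONDITION = re.compile(r".* \*$")


def triage(version_text):
    """Map a WeeChat release version to the action the advisory calls for."""
    text = version_text.strip()
    if not re.fullmatch(r"\d+(\.\d+)+", text):
        # Suffixed builds (-dev, -rc1, distro revisions) are not release
        # versions from the advisory; they need a manual check.
        return "unknown"
    nums = tuple(int(part) for part in text.split("."))
    nums += (0,) * (3 - len(nums))  # "2.7" -> (2, 7, 0)
    if nums >= FIXED:
        return "fixed"
    if nums < FIRST_AFFECTED:
        return "outside affected range"
    if nums >= TRIGGER_MIN:
        return "affected: upgrade or add trigger"
    return "affected: upgrade required"


def trigger_drops(arguments):
    """True if the trigger condition matches these 352 arguments."""
    return TRIGGER_CONDITION.search(arguments) is not None


if __name__ == "__main__":
    for v in ("0.3.9", "1.0.1", "1.1", "2.7", "2.7.1", "2.8-dev"):
        print(f"{v:8} {triage(v)}")
    # Constructed, well-formed WHO replies (host and nick names are made up).
    for args in ("me #chan user host irc.example.org nick H :0 Real Name",
                 "me #chan user host irc.example.org nick H :0 *"):
        print(trigger_drops(args), args)
```

The second sample is a well-formed reply whose real-name field is `*`; the condition matches it as well, so the trigger is broader than the malformed case alone.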
Credit
The issue was discovered by Stuart Nevans Locke.