Overview: 1 vulnerability

WSA CVE Score Severity Issue Scope Vulnerability type Versions Fix Release date
WSA-2020-3 CVE-2020-9760 7.5
Buffer overflow on new IRC message 005 with nick prefixes. IRC Out-of-bounds write 0.3.4 → 2.7 2.7.1

WSA-2020-3: [IRC] Buffer overflow on new IRC message 005 with nick prefixes.

Vulnerability
CVE
CVE-2020-9760 [ MITRE / NVD ]
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (detail)
CVSS score
7.5 / 10
Severity
high
Vulnerability type
Out-of-bounds write (detail)
Scope
IRC
Affected versions
0.3.4 → 2.7
Fixed version
2.7.1 () - ChangeLog
Tracker
Not available
Commits
Description
A buffer overflow happens when a new IRC message 005 is received with longer nick prefixes.
Note: a "normal" IRC server should not send again a message 005 with new nick prefixes, so the problem should be limited to malicious IRC servers.
Mitigation
There is no known mitigation.
The upgrade of WeeChat to the latest stable version is highly recommended.
Credit
The issue was discovered by Stuart Nevans Locke.