AVG-1103 log
Package | weechat |
Status | Fixed |
Severity | Critical |
Type | multiple issues |
Affected | 2.7-2 |
Fixed | 2.7.1-1 |
Current |
4.5.0-2 [extra-testing] 4.4.4-1 [extra] |
Ticket | None |
Created | Tue Feb 25 15:30:37 2020 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2020-9760 | Critical | Yes | Arbitrary code execution | A heap-based out-of-bounds write has been found in Weechat before 2.7.1, when a new IRC message 005 is received with longer nick prefixes. It could lead to... |
CVE-2020-9759 | Medium | Yes | Denial of service | A heap-based out-of-bounds read has been found in Weechat before 2.7.1, when receiving a malformed IRC message 352 (WHO). It could lead to a off-by-one read... |
CVE-2020-8955 | Critical | Yes | Arbitrary code execution | A heap-based out-of-bounds write has been found in the IRC plugin of Weechat before 2.7.1, in irc-mode.c, when receiving a malformed IRC message 324 (channel mode). |
Date | Advisory | Package | Type |
---|---|---|---|
25 Feb 2020 | ASA-202002-12 | weechat | multiple issues |
References |
---|
https://weechat.org/news/113/20200220-Version-2.7.1-security-release/ |