AVG-1103 log

Package: weechat
Status: Fixed
Severity: Critical
Type: multiple issues
Affected: 2.7-2
Fixed: 2.7.1-1
Current: 2.9-2 [community]
Ticket: None
Created: Tue Feb 25 15:30:37 2020
Issue | Severity | Remote | Type | Description
CVE-2020-9760 | Critical | Yes | Arbitrary code execution
A heap-based out-of-bounds write has been found in WeeChat before 2.7.1, when a new IRC message 005 is received with longer nick prefixes. It could lead to...
CVE-2020-9759 | Medium | Yes | Denial of service
A heap-based out-of-bounds read has been found in WeeChat before 2.7.1, when receiving a malformed IRC message 352 (WHO). It could lead to an off-by-one read...
CVE-2020-8955 | Critical | Yes | Arbitrary code execution
A heap-based out-of-bounds write has been found in the IRC plugin of WeeChat before 2.7.1, in irc-mode.c, when receiving a malformed IRC message 324 (channel mode).
Date | Advisory | Package | Description
25 Feb 2020 | ASA-202002-12 | weechat | multiple issues
References
https://weechat.org/news/113/20200220-Version-2.7.1-security-release/