AVG-1103 log
| Package | weechat |
| Status | Fixed |
| Severity | Critical |
| Type | multiple issues |
| Affected | 2.7-2 |
| Fixed | 2.7.1-1 |
| Current | 4.2.2-2 [extra] |
| Ticket | None |
| Created | Tue Feb 25 15:30:37 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-9760 | Critical | Yes | Arbitrary code execution | A heap-based out-of-bounds write has been found in Weechat before 2.7.1, when a new IRC message 005 is received with longer nick prefixes. It could lead to... |
| CVE-2020-9759 | Medium | Yes | Denial of service | A heap-based out-of-bounds read has been found in Weechat before 2.7.1, when receiving a malformed IRC message 352 (WHO). It could lead to a off-by-one read... |
| CVE-2020-8955 | Critical | Yes | Arbitrary code execution | A heap-based out-of-bounds write has been found in the IRC plugin of Weechat before 2.7.1, in irc-mode.c, when receiving a malformed IRC message 324 (channel mode). |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 25 Feb 2020 | ASA-202002-12 | weechat | multiple issues |
| References |
|---|
https://weechat.org/news/113/20200220-Version-2.7.1-security-release/ |