weechat

Description: Fast, light and extensible IRC client (curses UI)
Version: 2.9-2 [community]

Resolved

Group | Affected | Fixed | Severity | Status | Ticket
AVG-1103 | 2.7-2 | 2.7.1-1 | Critical | Fixed |
AVG-412 | 1.9-2 | 1.9.1-1 | Medium | Fixed |
AVG-253 | 1.7-2 | 1.7.1-1 | High | Fixed |

Issue | Group | Severity | Remote | Type | Description
CVE-2020-9760 | AVG-1103 | Critical | Yes | Arbitrary code execution | A heap-based out-of-bounds write has been found in WeeChat before 2.7.1, when a new IRC message 005 is received with longer nick prefixes. It could lead to...
CVE-2020-9759 | AVG-1103 | Medium | Yes | Denial of service | A heap-based out-of-bounds read has been found in WeeChat before 2.7.1, when receiving a malformed IRC message 352 (WHO). It could lead to an off-by-one read...
CVE-2020-8955 | AVG-1103 | Critical | Yes | Arbitrary code execution | A heap-based out-of-bounds write has been found in the IRC plugin of WeeChat before 2.7.1, in irc-mode.c, when receiving a malformed IRC message 324 (channel mode).
CVE-2017-14727 | AVG-412 | Medium | Yes | Denial of service | It has been discovered that in logger.c in the logger plugin before WeeChat 1.9.1 the date/time conversion specifiers are expanded after replacing buffer...
CVE-2017-8073 | AVG-253 | High | Yes | Denial of service | WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function...

Advisories

Date | Advisory | Group | Severity | Description
25 Feb 2020 | ASA-202002-12 | AVG-1103 | Critical | multiple issues
25 Sep 2017 | ASA-201709-20 | AVG-412 | Medium | denial of service
23 Apr 2017 | ASA-201704-7 | AVG-253 | High | denial of service