CVE-2020-8955

Published: 12/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat up to and including 2.7 allows remote malicious users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).

Vulnerable Product

weechat weechat

fedoraproject fedora 30

fedoraproject fedora 31

fedoraproject fedora 32

opensuse leap 15.1

opensuse backports sle 15.0

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #951289 weechat: CVE-2020-8955 Package: src:weechat; Maintainer for src:weechat is Emmanuel Bouthenot <kolter@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 13 Feb 2020 21:42:01 UTC Severity: important Tags: security, upstream Found in version weechat/2.6-2 ...
A heap-based out-of-bounds write has been found in the IRC plugin of weechat before 2.7.1, in irc-mode.c, when receiving a malformed IRC message 324 (channel mode) ...