An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are
affected). When a new IRC message 005 is received with longer nick
prefixes, a buffer overflow and possibly a crash can happen when a new mode
is set for a nick.
{"cve": [{"lastseen": "2022-04-01T18:33:07", "description": "An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-23T16:15:00", "type": "cve", "title": "CVE-2020-9760", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9760"], "modified": "2022-04-01T15:39:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-9760", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9760", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-01-20T06:09:52", "description": "An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-23T16:15:00", "type": "debiancve", "title": "CVE-2020-9760", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9760"], "modified": "2020-03-23T16:15:00", "id": "DEBIANCVE:CVE-2020-9760", "href": "https://security-tracker.debian.org/tracker/CVE-2020-9760", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-22T22:39:59", "description": "Updated weechat packages fix security vulnerabilities: An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash (CVE-2020-9759). An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick (CVE-2020-9760). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-02T22:48:49", "type": "mageia", "title": "Updated weechat packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9759", "CVE-2020-9760"], "modified": "2020-04-02T22:48:49", "id": "MGASA-2020-0153", "href": "https://advisories.mageia.org/MGASA-2020-0153.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T15:08:27", "description": "The remote host is affected by the vulnerability described in GLSA-202003-51 (WeeChat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WeeChat. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker, by sending a specially crafted IRC message, could possibly cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-26T00:00:00", "type": "nessus", "title": "GLSA-202003-51 : WeeChat: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8955", "CVE-2020-9759", "CVE-2020-9760"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:weechat", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202003-51.NASL", "href": "https://www.tenable.com/plugins/nessus/134926", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202003-51.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134926);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2020-8955\", \"CVE-2020-9759\", \"CVE-2020-9760\");\n script_xref(name:\"GLSA\", value:\"202003-51\");\n\n script_name(english:\"GLSA-202003-51 : WeeChat: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202003-51\n(WeeChat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WeeChat. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker, by sending a specially crafted IRC message, could\n possibly cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202003-51\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All WeeChat users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-irc/weechat-2.7.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9759\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:weechat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-irc/weechat\", unaffected:make_list(\"ge 2.7.1\"), vulnerable:make_list(\"lt 2.7.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WeeChat\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:08:09", "description": "Several issues have been found in weechat, a fast, light and extensible chat client. All issues are about crafted messages, that could result in a buffer overflow and application crash. This could cause a denial of service or possibly have other impact.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1.0.1-1+deb8u3.\n\nWe recommend that you upgrade your weechat packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-25T00:00:00", "type": "nessus", "title": "Debian DLA-2157-1 : weechat security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8955", "CVE-2020-9759", "CVE-2020-9760"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:weechat", "p-cpe:/a:debian:debian_linux:weechat-core", "p-cpe:/a:debian:debian_linux:weechat-curses", "p-cpe:/a:debian:debian_linux:weechat-dbg", "p-cpe:/a:debian:debian_linux:weechat-dev", "p-cpe:/a:debian:debian_linux:weechat-doc", "p-cpe:/a:debian:debian_linux:weechat-plugins", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2157.NASL", "href": "https://www.tenable.com/plugins/nessus/134881", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2157-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134881);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-8955\", \"CVE-2020-9759\", \"CVE-2020-9760\");\n\n script_name(english:\"Debian DLA-2157-1 : weechat security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been found in weechat, a fast, light and\nextensible chat client. All issues are about crafted messages, that\ncould result in a buffer overflow and application crash. This could\ncause a denial of service or possibly have other impact.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.0.1-1+deb8u3.\n\nWe recommend that you upgrade your weechat packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/weechat\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:weechat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:weechat-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:weechat-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:weechat-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:weechat-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:weechat-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:weechat-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"weechat\", reference:\"1.0.1-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"weechat-core\", reference:\"1.0.1-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"weechat-curses\", reference:\"1.0.1-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"weechat-dbg\", reference:\"1.0.1-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"weechat-dev\", reference:\"1.0.1-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"weechat-doc\", reference:\"1.0.1-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"weechat-plugins\", reference:\"1.0.1-1+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:55:57", "description": "The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2770 advisory.\n\n - irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode). (CVE-2020-8955)\n\n - A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files. (CVE-2020-9759)\n\n - An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick. (CVE-2020-9760)\n\n - WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.\n (CVE-2021-40516)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-01T00:00:00", "type": "nessus", "title": "Debian DLA-2770-1 : weechat - LTS security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8955", "CVE-2020-9759", "CVE-2020-9760", "CVE-2021-40516"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:weechat", "p-cpe:/a:debian:debian_linux:weechat-core", "p-cpe:/a:debian:debian_linux:weechat-curses", "p-cpe:/a:debian:debian_linux:weechat-dbg", "p-cpe:/a:debian:debian_linux:weechat-dev", "p-cpe:/a:debian:debian_linux:weechat-doc", "p-cpe:/a:debian:debian_linux:weechat-plugins", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2770.NASL", "href": "https://www.tenable.com/plugins/nessus/153809", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2770. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153809);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2020-8955\",\n \"CVE-2020-9759\",\n \"CVE-2020-9760\",\n \"CVE-2021-40516\"\n );\n\n script_name(english:\"Debian DLA-2770-1 : weechat - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-2770 advisory.\n\n - irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause\n a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via\n a malformed IRC message 324 (channel mode). (CVE-2020-8955)\n\n - A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and\n overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit\n this vulnerability through crafted configuration files and executable files. (CVE-2020-9759)\n\n - An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is\n received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is\n set for a nick. (CVE-2020-9760)\n\n - WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket\n frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.\n (CVE-2021-40516)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/weechat\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2021/dla-2770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-8955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-9759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-9760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-40516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/weechat\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the weechat packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 1.6-1+deb9u3.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9759\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-9760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:weechat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:weechat-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:weechat-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:weechat-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:weechat-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:weechat-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:weechat-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'weechat', 'reference': '1.6-1+deb9u3'},\n {'release': '9.0', 'prefix': 'weechat-core', 'reference': '1.6-1+deb9u3'},\n {'release': '9.0', 'prefix': 'weechat-curses', 'reference': '1.6-1+deb9u3'},\n {'release': '9.0', 'prefix': 'weechat-dbg', 'reference': '1.6-1+deb9u3'},\n {'release': '9.0', 'prefix': 'weechat-dev', 'reference': '1.6-1+deb9u3'},\n {'release': '9.0', 'prefix': 'weechat-doc', 'reference': '1.6-1+deb9u3'},\n {'release': '9.0', 'prefix': 'weechat-plugins', 'reference': '1.6-1+deb9u3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'weechat / weechat-core / weechat-curses / weechat-dbg / weechat-dev / etc');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2022-04-23T17:53:33", "description": "Package : weechat\nVersion : 1.0.1-1+deb8u3\nCVE ID : CVE-2020-8955 CVE-2020-9759 CVE-2020-9760\n\n\nSeveral issues have been found in weechat, a fast, light and extensible \nchat client.\nAll issues are about crafted messages, that could result in \na buffer overflow and application crash. This could cause a denial of \nservice or possibly have other impact.\n\n\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.0.1-1+deb8u3.\n\nWe recommend that you upgrade your weechat packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-24T21:08:21", "type": "debian", "title": "[SECURITY] [DLA 2157-1] weechat security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8955", "CVE-2020-9759", "CVE-2020-9760"], "modified": "2020-03-24T21:08:21", "id": "DEBIAN:DLA-2157-1:0A17B", "href": "https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-23T17:39:18", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2770-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Adrian Bunk\nSeptember 30, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : weechat\nVersion : 1.6-1+deb9u3\nCVE ID : CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 CVE-2021-40516\nDebian Bug : 951289 993803\n\nSeveral vulnerabilities were fixed in the chat client WeeChat.\n\nCVE-2020-8955\n\n A crafted irc message 324 (channel mode) could result in a crash.\n\nCVE-2020-9759\n\n A crafted irc message 352 (who) could result in a crash.\n\nCVE-2020-9760\n\n A crafted irc message 005 (setting a new mode for a nick) could \n result in a crash.\n\nCVE-2021-40516\n\n A crafted WebSocket frame could result in a crash in the Relay plugin.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.6-1+deb9u3.\n\nWe recommend that you upgrade your weechat packages.\n\nFor the detailed security status of weechat please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/weechat\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-30T12:06:58", "type": "debian", "title": "[SECURITY] [DLA 2770-1] weechat security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8955", "CVE-2020-9759", "CVE-2020-9760", "CVE-2021-40516"], "modified": "2021-09-30T12:06:58", "id": "DEBIAN:DLA-2770-1:B4F6B", "href": "https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-03-26T17:02:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-03-25T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for weechat (DLA-2157-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9759", "CVE-2020-9760", "CVE-2020-8955"], "modified": "2020-03-25T00:00:00", "id": "OPENVAS:1361412562310892157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892157", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892157\");\n script_version(\"2020-03-25T04:00:14+0000\");\n script_cve_id(\"CVE-2020-8955\", \"CVE-2020-9759\", \"CVE-2020-9760\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-25 04:00:14 +0000 (Wed, 25 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-25 04:00:14 +0000 (Wed, 25 Mar 2020)\");\n script_name(\"Debian LTS: Security Advisory for weechat (DLA-2157-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2157-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'weechat'\n package(s) announced via the DLA-2157-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several issues have been found in weechat, a fast, light and extensible\nchat client.\nAll issues are about crafted messages, that could result in\na buffer overflow and application crash. This could cause a denial of\nservice or possibly have other impact.\");\n\n script_tag(name:\"affected\", value:\"'weechat' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1.0.1-1+deb8u3.\n\nWe recommend that you upgrade your weechat packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"weechat\", ver:\"1.0.1-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"weechat-core\", ver:\"1.0.1-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"weechat-curses\", ver:\"1.0.1-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"weechat-dbg\", ver:\"1.0.1-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"weechat-dev\", ver:\"1.0.1-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"weechat-doc\", ver:\"1.0.1-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"weechat-plugins\", ver:\"1.0.1-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:17:19", "description": "\nSeveral issues have been found in weechat, a fast, light and extensible\nchat client.\nAll issues are about crafted messages, that could result in\na buffer overflow and application crash. This could cause a denial of\nservice or possibly have other impact.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n1.0.1-1+deb8u3.\n\n\nWe recommend that you upgrade your weechat packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-24T00:00:00", "type": "osv", "title": "weechat - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9759", "CVE-2020-9760", "CVE-2020-8955"], "modified": "2022-07-21T05:53:06", "id": "OSV:DLA-2157-1", "href": "https://osv.dev/vulnerability/DLA-2157-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T08:15:05", "description": "\nSeveral vulnerabilities were fixed in the chat client WeeChat.\n\n\n* [CVE-2020-8955](https://security-tracker.debian.org/tracker/CVE-2020-8955)\nA crafted irc message 324 (channel mode) could result in a crash.\n* [CVE-2020-9759](https://security-tracker.debian.org/tracker/CVE-2020-9759)\nA crafted irc message 352 (who) could result in a crash.\n* [CVE-2020-9760](https://security-tracker.debian.org/tracker/CVE-2020-9760)\nA crafted irc message 005 (setting a new mode for a nick) could result in a crash.\n* [CVE-2021-40516](https://security-tracker.debian.org/tracker/CVE-2021-40516)\nA crafted WebSocket frame could result in a crash in the Relay plugin.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.6-1+deb9u3.\n\n\nWe recommend that you upgrade your weechat packages.\n\n\nFor the detailed security status of weechat please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/weechat>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-30T00:00:00", "type": "osv", "title": "weechat - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40516", "CVE-2020-9759", "CVE-2020-9760", "CVE-2020-8955"], "modified": "2022-07-21T05:53:52", "id": "OSV:DLA-2770-1", "href": "https://osv.dev/vulnerability/DLA-2770-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-04-22T22:59:26", "description": "### Background\n\nWee Enhanced Environment for Chat (WeeChat) is a light and extensible console IRC client. \n\n### Description\n\nMultiple vulnerabilities have been discovered in WeeChat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker, by sending a specially crafted IRC message, could possibly cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WeeChat users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-irc/weechat-2.7.1\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-25T00:00:00", "type": "gentoo", "title": "WeeChat: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8955", "CVE-2020-9759", "CVE-2020-9760"], "modified": "2020-03-25T00:00:00", "id": "GLSA-202003-51", "href": "https://security.gentoo.org/glsa/202003-51", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2022-04-22T23:32:40", "description": "Arch Linux Security Advisory ASA-202002-12\n==========================================\n\nSeverity: Critical\nDate : 2020-02-25\nCVE-ID : CVE-2020-8955 CVE-2020-9759 CVE-2020-9760\nPackage : weechat\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1103\n\nSummary\n=======\n\nThe package weechat before version 2.7.1-1 is vulnerable to multiple\nissues including arbitrary code execution and denial of service.\n\nResolution\n==========\n\nUpgrade to 2.7.1-1.\n\n# pacman -Syu \"weechat>=2.7.1-1\"\n\nThe problems have been fixed upstream in version 2.7.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-8955 (arbitrary code execution)\n\nA heap-based out-of-bounds write has been found in the IRC plugin of\nWeechat before 2.7.1, in irc-mode.c, when receiving a malformed IRC\nmessage 324 (channel mode).\n\n- CVE-2020-9759 (denial of service)\n\nA heap-based out-of-bounds read has been found in Weechat before 2.7.1,\nwhen receiving a malformed IRC message 352 (WHO). It could lead to a\noff-by-one read resulting in denial of service (crash).\n\n- CVE-2020-9760 (arbitrary code execution)\n\nA heap-based out-of-bounds write has been found in Weechat before\n2.7.1, when a new IRC message 005 is received with longer nick\nprefixes. It could lead to writing out of the allocated prefixes array\nwhen setting a prefix, resulting in denial of service (crash) or even\narbitrary code execution.\n\nImpact\n======\n\nA remote attacker can crash the client and execute code remotely via a\nmalformed message.\n\nReferences\n==========\n\nhttps://weechat.org/news/113/20200220-Version-2.7.1-security-release/\nhttps://github.com/weechat/weechat/commit/51a739df615f8ec66fbe1e9682ec3c3218254ad7\nhttps://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e\nhttps://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d\nhttps://security.archlinux.org/CVE-2020-8955\nhttps://security.archlinux.org/CVE-2020-9759\nhttps://security.archlinux.org/CVE-2020-9760", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-25T00:00:00", "type": "archlinux", "title": "[ASA-202002-12] weechat: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8955", "CVE-2020-9759", "CVE-2020-9760"], "modified": "2020-02-25T00:00:00", "id": "ASA-202002-12", "href": "https://security.archlinux.org/ASA-202002-12", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-01-26T15:16:16", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 LTS\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * weechat \\- Fast, light and extensible chat client (metapackage)\n\nStuart Nevans Locke discovered that WeeChat's relay plugin insecurely handled \nmalformed websocket frames. A remote attacker in control of a server \ncould possibly use this issue to cause denial of service in a client. \n(CVE-2021-40516)\n\nStuart Nevans Locke discovered that WeeChat insecurely handled certain \nIRC messages. A remote attacker in control of a server could possibly use \nthis issue to cause denial of service in a client. This issue only affected \nUbuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-9760)\n\nStuart Nevans Locke discovered that WeeChat insecurely handled certain \nIRC messages. A remote unauthenticated attacker could possibly use these \nissues to cause denial of service in a client. These issues only affected \nUbuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-9759, CVE-2020-8955)\n\nJoseph Bisch discovered that WeeChat's logger incorrectly handled certain \nmemory operations when handling log file names. A remote attacker could possibly \nuse this issue to cause denial of service in a client. This issue only \naffected Ubuntu 16.04 ESM. (CVE-2017-14727)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-04T00:00:00", "type": "ubuntu", "title": "WeeChat vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14727", "CVE-2020-8955", "CVE-2020-9759", "CVE-2020-9760", "CVE-2021-40516"], "modified": "2022-02-04T00:00:00", "id": "USN-5258-1", "href": "https://ubuntu.com/security/notices/USN-5258-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
CVE-2020-9760
