CVE-2020-9760

Description

An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.

How to fix CVE-2020-9760

To remediate CVE-2020-9760, upgrade the affected package to a fixed version below.

• Debian/weechat—upgrade to 2.7.1-1 or later

Is CVE-2020-9760 being exploited?

Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.7.1-1

CVSS scores

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2020-9760