Vulnerability Details : CVE-2020-8955
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).
Vulnerability category: OverflowDenial of service
Products affected by CVE-2020-8955
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*
- cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:weechat:weechat:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-8955
2.45%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8955
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2020-8955
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-8955
-
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00032.html
[security-announce] openSUSE-SU-2020:0248-1: important: Security updateMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html
[SECURITY] [DLA 2770-1] weechat security updateMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html
[SECURITY] [DLA 2157-1] weechat security updateMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER23GT23US5JXDLUZAMGMWXKZ74MI4S2/
[SECURITY] Fedora 31 Update: weechat-2.7.1-1.fc31 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da
irc: fix crash when receiving a malformed message 324 (channel mode) · weechat/weechat@6f4f147 · GitHubPatch;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3LAJTLI3LWZRNCFYJ7PCBBTHUMCCBHH/
[SECURITY] Fedora 32 Update: weechat-2.7.1-1.fc32 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ASRTCQFFDAAK347URWNDH6NSED2BGNY/
[SECURITY] Fedora 30 Update: weechat-2.7.1-1.fc30 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/202003-51
WeeChat: Multiple vulnerabilities (GLSA 202003-51) — Gentoo securityThird Party Advisory
-
https://weechat.org/doc/security/
WeeChat :: documentation :: securityVendor Advisory
Jump to