{"id":"CVE-2020-8955","details":"irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).","modified":"2026-04-16T04:33:24.647134822Z","published":"2020-02-12T22:15:13.207Z","related":["openSUSE-SU-2020:0248-1","openSUSE-SU-2024:11508-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ASRTCQFFDAAK347URWNDH6NSED2BGNY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER23GT23US5JXDLUZAMGMWXKZ74MI4S2/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3LAJTLI3LWZRNCFYJ7PCBBTHUMCCBHH/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00032.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-51"},{"type":"ADVISORY","url":"https://weechat.org/doc/security/"},{"type":"FIX","url":"https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/weechat/weechat","events":[{"introduced":"d6bd119d76ab62f45f4f575781f9c93c7d6c254e"},{"last_affected":"236dbe3f629e2384e3e0014ec0985df3ad401534"},{"fixed":"6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da"}],"database_specific":{"versions":[{"introduced":"0.3.8"},{"last_affected":"2.7"}]}}],"versions":["v0.3.8","v0.3.9","v0.3.9-rc1","v0.3.9-rc2","v0.4.0","v0.4.0-rc1","v0.4.0-rc2","v0.4.0-rc3","v0.4.1","v0.4.1-rc1","v0.4.1-rc2","v0.4.2","v0.4.2-rc1","v0.4.2-rc2","v0.4.3","v0.4.3-rc1","v0.4.3-rc2","v1.0","v1.0-rc1","v1.0-rc2","v1.0-rc3","v1.1","v1.1-rc1","v1.1-rc2","v1.2","v1.2-rc1","v1.2-rc2","v1.3","v1.3-rc1","v1.3-rc2","v1.4","v1.4-rc1","v1.4-rc2","v1.5","v1.5-rc1","v1.5-rc2","v1.6","v1.6-rc1","v1.6-rc2","v1.7","v1.7-rc1","v1.7-rc2","v1.8","v1.8-rc1","v1.9","v1.9-rc1","v1.9-rc2","v2.0","v2.0-rc1","v2.1","v2.1-rc1","v2.2","v2.2-rc1","v2.2-rc2","v2.3","v2.3-rc1","v2.4","v2.4-rc1","v2.5","v2.5-rc1","v2.5-rc2","v2.6","v2.6-rc1","v2.6-rc2","v2.7","v2.7-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8955.json","vanir_signatures":[{"target":{"function":"irc_mode_channel_update","file":"src/plugins/irc/irc-mode.c"},"signature_version":"v1","deprecated":false,"source":"https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da","id":"CVE-2020-8955-1b8299ba","digest":{"function_hash":"223350524238790654043842164543245510326","length":2502},"signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["200879968070498314343440529766462460162","267790770994180775470654757621928752132","84311193978423127644732102481155587185","37738585302980977653187765980868653464","103144408093402382474082176671652325727","248047512738540522610242778759283707096","13726779807730142557510816354576803671","304711207680069284387163760563633707915","134091926362240965518819909662205922465","77567932931264461531056880510287982960","61653280659459939285653700726216165635","144127429652462822056848416788256299906","293177098233781010308844640392180242208","285905928978361185004924297576737108114"]},"signature_version":"v1","deprecated":false,"target":{"file":"src/plugins/irc/irc-mode.c"},"id":"CVE-2020-8955-afbcfe2f","source":"https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da","signature_type":"Line"}],"vanir_signatures_modified":"2026-04-11T17:01:37Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}