{"id":"CVE-2020-9760","details":"An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.","modified":"2026-04-16T04:42:28.987889547Z","published":"2020-03-23T16:15:17.923Z","references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-51"},{"type":"ADVISORY","url":"https://weechat.org/doc/security/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html"},{"type":"FIX","url":"https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/weechat/weechat","events":[{"introduced":"0b89084ea4dc5cfe353541a41059d62b62d8dc84"},{"fixed":"5c0aa1aae7ac3e209acf62cce6eacffcc887cc98"},{"fixed":"40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f"}],"database_specific":{"versions":[{"introduced":"0.3.4"},{"fixed":"2.7.1"}]}}],"versions":["v0.3.4","v0.3.5","v0.3.5-rc1","v0.3.5-rc2","v0.3.5-rc3","v0.3.6","v0.3.6-rc1","v0.3.6-rc2","v0.3.6-rc3","v0.3.7","v0.3.7-rc1","v0.3.7-rc2","v0.3.7-rc3","v0.3.8","v0.3.8-rc1","v0.3.8-rc2","v0.3.9","v0.3.9-rc1","v0.3.9-rc2","v0.4.0","v0.4.0-rc1","v0.4.0-rc2","v0.4.0-rc3","v0.4.1","v0.4.1-rc1","v0.4.1-rc2","v0.4.2","v0.4.2-rc1","v0.4.2-rc2","v0.4.3","v0.4.3-rc1","v0.4.3-rc2","v1.0","v1.0-rc1","v1.0-rc2","v1.0-rc3","v1.1","v1.1-rc1","v1.1-rc2","v1.2","v1.2-rc1","v1.2-rc2","v1.3","v1.3-rc1","v1.3-rc2","v1.4","v1.4-rc1","v1.4-rc2","v1.5","v1.5-rc1","v1.5-rc2","v1.6","v1.6-rc1","v1.6-rc2","v1.7","v1.7-rc1","v1.7-rc2","v1.8","v1.8-rc1","v1.9","v1.9-rc1","v1.9-rc2","v2.0","v2.0-rc1","v2.1","v2.1-rc1","v2.2","v2.2-rc1","v2.2-rc2","v2.3","v2.3-rc1","v2.4","v2.4-rc1","v2.5","v2.5-rc1","v2.5-rc2","v2.6","v2.6-rc1","v2.6-rc2","v2.7","v2.7-rc1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"vanir_signatures":[{"id":"CVE-2020-9760-24b17d3c","source":"https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f","signature_version":"v1","signature_type":"Line","target":{"file":"src/plugins/irc/irc-server.c"},"digest":{"threshold":0.9,"line_hashes":["325596194213706182479652272081936598340","132268216224256037571839750429924175280","44497950053967307772718137244273875544","132550677232131315184311444001429665351","97418110254259639727718916227023582353","149303952922933676077113852457245993771","129402597196439469058390957584289549233","108587633537507210242609878158511307392","111708766549982062342636204382193101079","167118086744474657822052685044811994853"]},"deprecated":false},{"id":"CVE-2020-9760-6054fd6a","source":"https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f","signature_version":"v1","signature_type":"Line","target":{"file":"src/plugins/irc/irc-nick.h"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["213054129778902522372905892267968144680","131097610739893464754850419081481526954","228471673978473928265094791230654823703","197161856197992666943380620234508962100"]}},{"id":"CVE-2020-9760-a185fca6","source":"https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f","signature_version":"v1","signature_type":"Function","target":{"file":"src/plugins/irc/irc-server.c","function":"irc_server_set_prefix_modes_chars"},"digest":{"length":863,"function_hash":"128916233876534572922588486440859965445"},"deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-9760.json","vanir_signatures_modified":"2026-04-11T17:01:43Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}