{"id":"USN-5258-1","summary":"weechat vulnerabilities","details":"Stuart Nevans Locke discovered that WeeChat's relay plugin insecurely handled\nmalformed websocket frames. A remote attacker in control of a server\ncould possibly use this issue to cause denial of service in a client.\n(CVE-2021-40516)\n\nStuart Nevans Locke discovered that WeeChat insecurely handled certain\nIRC messages. A remote attacker in control of a server could possibly use\nthis issue to cause denial of service in a client. This issue only affected\nUbuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-9760)\n\nStuart Nevans Locke discovered that WeeChat insecurely handled certain\nIRC messages. A remote unauthenticated attacker could possibly use these\nissues to cause denial of service in a client. These issues only affected\nUbuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-9759, CVE-2020-8955)\n\nJoseph Bisch discovered that WeeChat's logger incorrectly handled certain\nmemory operations when handling log file names. A remote attacker could possibly\nuse this issue to cause denial of service in a client. This issue only\naffected Ubuntu 16.04 ESM. (CVE-2017-14727)\n","modified":"2026-02-10T04:42:26Z","published":"2022-02-04T16:38:24Z","related":["UBUNTU-CVE-2017-14727","UBUNTU-CVE-2020-8955","UBUNTU-CVE-2020-9759","UBUNTU-CVE-2020-9760","UBUNTU-CVE-2021-40516"],"upstream":["CVE-2017-14727","CVE-2020-8955","CVE-2020-9759","CVE-2020-9760","CVE-2021-40516","UBUNTU-CVE-2017-14727","UBUNTU-CVE-2020-8955","UBUNTU-CVE-2020-9759","UBUNTU-CVE-2020-9760","UBUNTU-CVE-2021-40516"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5258-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-14727"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-8955"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-9759"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-9760"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-40516"}],"affected":[{"package":{"name":"weechat","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/weechat@1.4-2ubuntu0.1+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4-2ubuntu0.1+esm1"}]}],"versions":["1.3-1","1.3-1build1","1.4-1","1.4-1build1","1.4-1build2","1.4-2","1.4-2ubuntu0.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"1.4-2ubuntu0.1+esm1","binary_name":"weechat"},{"binary_version":"1.4-2ubuntu0.1+esm1","binary_name":"weechat-core"},{"binary_version":"1.4-2ubuntu0.1+esm1","binary_name":"weechat-curses"},{"binary_version":"1.4-2ubuntu0.1+esm1","binary_name":"weechat-dev"},{"binary_version":"1.4-2ubuntu0.1+esm1","binary_name":"weechat-plugins"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-14727"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-8955"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-9759"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-9760"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-40516"}],"ecosystem":"Ubuntu:Pro:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5258-1.json"}},{"package":{"name":"weechat","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/weechat@1.9.1-1ubuntu1+esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.1-1ubuntu1+esm1"}]}],"versions":["1.9.1-1","1.9.1-1build1","1.9.1-1ubuntu1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"1.9.1-1ubuntu1+esm1","binary_name":"weechat"},{"binary_version":"1.9.1-1ubuntu1+esm1","binary_name":"weechat-core"},{"binary_version":"1.9.1-1ubuntu1+esm1","binary_name":"weechat-curses"},{"binary_version":"1.9.1-1ubuntu1+esm1","binary_name":"weechat-dev"},{"binary_version":"1.9.1-1ubuntu1+esm1","binary_name":"weechat-plugins"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-8955"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-9759"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-9760"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-40516"}],"ecosystem":"Ubuntu:Pro:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5258-1.json"}},{"package":{"name":"weechat","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/weechat@2.8-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8-1ubuntu0.1~esm1"}]}],"versions":["2.6-2","2.6-2build1","2.6-2build2","2.6-2ubuntu1","2.6-2ubuntu2","2.8-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"2.8-1ubuntu0.1~esm1","binary_name":"weechat"},{"binary_version":"2.8-1ubuntu0.1~esm1","binary_name":"weechat-core"},{"binary_version":"2.8-1ubuntu0.1~esm1","binary_name":"weechat-curses"},{"binary_version":"2.8-1ubuntu0.1~esm1","binary_name":"weechat-dev"},{"binary_version":"2.8-1ubuntu0.1~esm1","binary_name":"weechat-guile"},{"binary_version":"2.8-1ubuntu0.1~esm1","binary_name":"weechat-headless"},{"binary_version":"2.8-1ubuntu0.1~esm1","binary_name":"weechat-lua"},{"binary_version":"2.8-1ubuntu0.1~esm1","binary_name":"weechat-perl"},{"binary_version":"2.8-1ubuntu0.1~esm1","binary_name":"weechat-php"},{"binary_version":"2.8-1ubuntu0.1~esm1","binary_name":"weechat-plugins"},{"binary_version":"2.8-1ubuntu0.1~esm1","binary_name":"weechat-python"},{"binary_version":"2.8-1ubuntu0.1~esm1","binary_name":"weechat-ruby"},{"binary_version":"2.8-1ubuntu0.1~esm1","binary_name":"weechat-tcl"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-40516"}],"ecosystem":"Ubuntu:Pro:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5258-1.json"}}],"schema_version":"1.7.3"}