{"id":"CVE-2020-9760","details":"An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.","modified":"2026-05-30T17:07:50.958258Z","published":"2020-03-23T16:15:17.923Z","database_specific":{"unresolved_ranges":[{"vendor_product":"weechat:weechat","cpes":["cpe:2.3:a:weechat:weechat:*:*:*:*:*:*:*:*"],"source":"CPE_RANGE","extracted_events":[{"introduced":"0.3.4"},{"fixed":"2.7.1"}]},{"vendor_product":"debian:debian_linux","cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"source":"CPE_STRING","extracted_events":[{"last_affected":"8.0"},{"last_affected":"9.0"}]},{"source":"DESCRIPTION","extracted_events":[{"fixed":"2.7.1"}]}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-51"},{"type":"ADVISORY","url":"https://weechat.org/doc/security/"},{"type":"FIX","url":"https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/weechat/weechat","events":[{"introduced":"0"},{"fixed":"40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f"}],"database_specific":{"source":"REFERENCES"}}],"versions":["v2.3","v2.7","v2.7-rc1","v2.6","v2.6-rc2","v2.6-rc1","v2.5","v2.5-rc2","v2.5-rc1","v2.4","v2.4-rc1","v2.3-rc1","v2.2","v2.2-rc2","v2.2-rc1","v2.1","v2.1-rc1","v2.0","v2.0-rc1","v1.9","v1.9-rc2","v1.9-rc1","v1.8","v1.8-rc1","v1.7","v1.7-rc2","v1.7-rc1","v1.6","v1.6-rc2","v1.6-rc1","v1.5","v1.5-rc2","v1.5-rc1","v1.4","v1.4-rc2","v1.4-rc1","v1.3","v1.3-rc2","v1.3-rc1","v1.2","v1.2-rc2","v1.2-rc1","v1.1","v1.1-rc2","v1.1-rc1","v1.0","v1.0-rc3","v1.0-rc2","v1.0-rc1","v0.4.3","v0.0.1","release-0-0-1","v0.4.3-rc2","v0.4.3-rc1","v0.4.2","v0.4.2-rc2","v0.4.2-rc1","v0.4.1","v0.4.1-rc2","v0.4.1-rc1","v0.4.0","v0.4.0-rc3","v0.4.0-rc2","v0.4.0-rc1","v0.3.9","v0.3.9-rc2","v0.3.9-rc1","v0.3.8","v0.3.8-rc2","v0.3.8-rc1","v0.3.7","v0.3.7-rc3","v0.3.7-rc2","v0.3.7-rc1","v0.3.6","v0.3.6-rc3","v0.3.6-rc2","v0.3.6-rc1","v0.3.5","v0.3.5-rc3","v0.3.5-rc2","v0.3.5-rc1","v0.3.4","v0.3.4-rc3","v0.3.4-rc2","v0.3.4-rc1","v0.3.3","v0.3.3-rc3","v0.3.3-rc2","v0.3.3-rc1","v0.3.2","v0.3.2-rc1","v0.3.1","v0.3.0","v0.3.0-rc3","v0.3.0-rc2","v0.3.0-rc1","v0.2.6","v0.2.5","release-0-2-5","v0.2.4","release-0-2-4","v0.2.3","release-0-2-3","v0.2.2","release-0-2-2","v0.2.1","release-0-2-1","v0.2.0","release-0-2-0","v0.1.9","release-0-1-9","v0.1.8","release-0-1-8","v0.1.7","release-0-1-7","v0.1.6","release-0-1-6","v0.1.5","release-0-1-5","v0.1.4","release-0-1-4","v0.1.3","release-0-1-3","v0.1.2","release-0-1-2","v0.1.1","release-0-1-1","v0.1.0","release-0-1-0","v0.0.9","release-0-0-9","v0.0.8","release-0-0-8","v0.0.7","release-0-0-7","v0.0.6","release-0-0-6","v0.0.5","release-0-0-5","v0.0.4","release-0-0-4","v0.0.3","release-0-0-3","v0.0.2","release-0-0-2"],"database_specific":{"vanir_signatures":[{"target":{"file":"src/plugins/irc/irc-server.c"},"signature_type":"Line","signature_version":"v1","digest":{"line_hashes":["325596194213706182479652272081936598340","132268216224256037571839750429924175280","44497950053967307772718137244273875544","132550677232131315184311444001429665351","97418110254259639727718916227023582353","149303952922933676077113852457245993771","129402597196439469058390957584289549233","108587633537507210242609878158511307392","111708766549982062342636204382193101079","167118086744474657822052685044811994853"],"threshold":0.9},"source":"https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f","id":"CVE-2020-9760-24b17d3c","deprecated":false},{"target":{"file":"src/plugins/irc/irc-nick.h"},"signature_type":"Line","signature_version":"v1","digest":{"line_hashes":["213054129778902522372905892267968144680","131097610739893464754850419081481526954","228471673978473928265094791230654823703","197161856197992666943380620234508962100"],"threshold":0.9},"source":"https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f","id":"CVE-2020-9760-6054fd6a","deprecated":false},{"target":{"file":"src/plugins/irc/irc-server.c","function":"irc_server_set_prefix_modes_chars"},"signature_type":"Function","signature_version":"v1","digest":{"length":863,"function_hash":"128916233876534572922588486440859965445"},"source":"https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f","id":"CVE-2020-9760-a185fca6","deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-9760.json","vanir_signatures_modified":"2026-05-30T17:07:50Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}