{"id":"USN-5258-1","summary":"weechat vulnerabilities","details":"Stuart Nevans Locke discovered that WeeChat's relay plugin insecurely handled\nmalformed websocket frames. A remote attacker in control of a server\ncould possibly use this issue to cause denial of service in a client.\n(CVE-2021-40516)\n\nStuart Nevans Locke discovered that WeeChat insecurely handled certain\nIRC messages. A remote attacker in control of a server could possibly use\nthis issue to cause denial of service in a client. This issue only affected\nUbuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-9760)\n\nStuart Nevans Locke discovered that WeeChat insecurely handled certain\nIRC messages. A remote unauthenticated attacker could possibly use these\nissues to cause denial of service in a client. These issues only affected\nUbuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-9759, CVE-2020-8955)\n\nJoseph Bisch discovered that WeeChat's logger incorrectly handled certain\nmemory operations when handling log file names. A remote attacker could possibly\nuse this issue to cause denial of service in a client. This issue only\naffected Ubuntu 16.04 ESM. (CVE-2017-14727)\n","modified":"2026-05-20T16:04:57.181303249Z","published":"2022-02-04T16:38:24Z","related":["UBUNTU-CVE-2017-14727","UBUNTU-CVE-2020-8955","UBUNTU-CVE-2020-9759","UBUNTU-CVE-2020-9760","UBUNTU-CVE-2021-40516"],"upstream":["CVE-2017-14727","CVE-2020-8955","CVE-2020-9759","CVE-2020-9760","CVE-2021-40516","UBUNTU-CVE-2017-14727","UBUNTU-CVE-2020-8955","UBUNTU-CVE-2020-9759","UBUNTU-CVE-2020-9760","UBUNTU-CVE-2021-40516"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5258-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-14727"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-8955"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-9759"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-9760"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-40516"}],"affected":[{"package":{"name":"weechat","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/weechat?arch=source&distro=esm-infra-legacy%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4-2ubuntu0.1+esm1"}]}],"versions":["1.3-1","1.3-1build1","1.4-1","1.4-1build1","1.4-1build2","1.4-2","1.4-2ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"weechat-core","binary_version":"1.4-2ubuntu0.1+esm1"},{"binary_name":"weechat-curses","binary_version":"1.4-2ubuntu0.1+esm1"},{"binary_name":"weechat-plugins","binary_version":"1.4-2ubuntu0.1+esm1"},{"binary_name":"weechat","binary_version":"1.4-2ubuntu0.1+esm1"}],"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5258-1.json"}},{"package":{"name":"weechat","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/weechat?arch=source&distro=esm-apps%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.1-1ubuntu1+esm1"}]}],"versions":["1.9.1-1","1.9.1-1build1","1.9.1-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"weechat","binary_version":"1.9.1-1ubuntu1+esm1"},{"binary_name":"weechat-core","binary_version":"1.9.1-1ubuntu1+esm1"},{"binary_name":"weechat-curses","binary_version":"1.9.1-1ubuntu1+esm1"},{"binary_name":"weechat-plugins","binary_version":"1.9.1-1ubuntu1+esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2020-8955","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-9759","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-9760","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-40516","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5258-1.json"}},{"package":{"name":"weechat","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/weechat?arch=source&distro=esm-apps%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8-1ubuntu0.1~esm1"}]}],"versions":["2.6-2","2.6-2build1","2.6-2build2","2.6-2ubuntu1","2.6-2ubuntu2","2.8-1"],"ecosystem_specific":{"binaries":[{"binary_name":"weechat","binary_version":"2.8-1ubuntu0.1~esm1"},{"binary_name":"weechat-core","binary_version":"2.8-1ubuntu0.1~esm1"},{"binary_name":"weechat-curses","binary_version":"2.8-1ubuntu0.1~esm1"},{"binary_name":"weechat-guile","binary_version":"2.8-1ubuntu0.1~esm1"},{"binary_name":"weechat-headless","binary_version":"2.8-1ubuntu0.1~esm1"},{"binary_name":"weechat-lua","binary_version":"2.8-1ubuntu0.1~esm1"},{"binary_name":"weechat-perl","binary_version":"2.8-1ubuntu0.1~esm1"},{"binary_name":"weechat-php","binary_version":"2.8-1ubuntu0.1~esm1"},{"binary_name":"weechat-plugins","binary_version":"2.8-1ubuntu0.1~esm1"},{"binary_name":"weechat-python","binary_version":"2.8-1ubuntu0.1~esm1"},{"binary_name":"weechat-ruby","binary_version":"2.8-1ubuntu0.1~esm1"},{"binary_name":"weechat-tcl","binary_version":"2.8-1ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"id":"CVE-2021-40516","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5258-1.json"}}],"schema_version":"1.7.5"}