Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 709452 (CVE-2020-8955)

Summary: <net-irc/weechat-2.7.1: buffer overflow and application crash via a malformed IRC message 324 (CVE-2020-8955)
Product: Gentoo Security Reporter: filip ambroz <filip.ambroz>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: flo, gyakovlev, sam
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8955
Whiteboard: B3 [glsa+ cve]
Package list:
net-irc/weechat-2.7.1
Runtime testing required: ---

Description filip ambroz 2020-02-13 08:28:38 UTC
from URL:
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode)

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-8955
https://weechat.org/doc/security/
https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da
Comment 1 Larry the Git Cow gentoo-dev 2020-02-13 10:18:05 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ede8136c1e182c63ea9dfc6b434ec8c529dd2ebf

commit ede8136c1e182c63ea9dfc6b434ec8c529dd2ebf
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2020-02-13 10:16:51 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2020-02-13 10:17:12 +0000

    net-irc/weechat: drop 2.6
    
    Bug: https://bugs.gentoo.org/709452
    Package-Manager: Portage-2.3.88, Repoman-2.3.20
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 net-irc/weechat/Manifest              |   1 -
 net-irc/weechat/weechat-2.6-r1.ebuild | 147 ----------------------------------
 2 files changed, 148 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fed15324d74bdca04d5921143c7b19fce0d7dc03

commit fed15324d74bdca04d5921143c7b19fce0d7dc03
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2020-02-13 10:15:54 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2020-02-13 10:17:11 +0000

    net-irc/weechat: 2.7-r2 stable x86 and amd64
    
    Bug: https://bugs.gentoo.org/709452
    Package-Manager: Portage-2.3.88, Repoman-2.3.20
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 net-irc/weechat/weechat-2.7-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90ebaefdcf0e3762b12a0b4cf107b284ebccae55

commit 90ebaefdcf0e3762b12a0b4cf107b284ebccae55
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2020-02-13 10:13:54 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2020-02-13 10:17:11 +0000

    net-irc/weechat: revbump for CVE-2020-8955
    
    Bug: https://bugs.gentoo.org/709452
    Package-Manager: Portage-2.3.88, Repoman-2.3.20
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 net-irc/weechat/files/2.7-CVE-2020-8955.patch      | 46 ++++++++++++++++++++++
 ...weechat-2.7-r1.ebuild => weechat-2.7-r2.ebuild} |  2 +
 2 files changed, 48 insertions(+)
Comment 2 Georgy Yakovlev gentoo-dev 2020-02-13 10:19:32 UTC
thanks for reporting, fixed in the tree, old versions removed.
Comment 3 filip ambroz 2020-02-13 10:52:09 UTC
that was fast, thank you!
Comment 4 Georgy Yakovlev gentoo-dev 2020-02-21 07:21:18 UTC
2.7.1 is out and it includes this patch we already have and couple more, minimal changes to 2.7, so let's stabilize it. adding atom to package list and arches to CC.
Comment 5 Georgy Yakovlev gentoo-dev 2020-02-21 07:28:43 UTC
2.7.1 ppc64 stable
Comment 6 Stabilization helper bot gentoo-dev 2020-02-21 08:01:40 UTC
An automated check of this bug failed - repoman reported dependency errors (29 lines truncated): 

> dependency.bad net-irc/weechat/weechat-2.7.1.ebuild: DEPEND: arm(default/linux/arm/17.0) ['dev-util/cpputest']
> dependency.badindev net-irc/weechat/weechat-2.7.1.ebuild: DEPEND: arm(default/linux/arm/17.0/armv4) ['dev-util/cpputest']
> dependency.badindev net-irc/weechat/weechat-2.7.1.ebuild: DEPEND: arm(default/linux/arm/17.0/armv4/desktop) ['dev-util/cpputest']
Comment 7 Agostino Sarubbo gentoo-dev 2020-02-24 07:41:48 UTC
amd64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-02-24 14:19:52 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 9 Sam James archtester gentoo-dev Security 2020-03-21 23:53:58 UTC
Tree is clean.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2020-03-22 06:07:46 UTC
CVE-2020-8955 (https://nvd.nist.gov/vuln/detail/CVE-2020-8955):
  irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7
  allows remote attackers to cause a denial of service (buffer overflow and
  application crash) or possibly have unspecified other impact via a malformed
  IRC message 324 (channel mode).
Comment 11 Yury German Gentoo Infrastructure gentoo-dev Security 2020-03-22 06:27:51 UTC
GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).
Comment 12 Sam James archtester gentoo-dev Security 2020-03-23 16:56:54 UTC
Please note I have filed another bug for more issues with weechat-2.7. I filed it separately for clarity given we've already moved forward with this bug.

See bug 714086.
Comment 13 Sam James archtester gentoo-dev Security 2020-03-23 21:29:37 UTC
Title needs to become <net-irc/weechat-2.7-r2.
Cleanup is now done (in bug 714086).
Comment 14 Thomas Deutschmann gentoo-dev Security 2020-03-25 15:59:40 UTC
Added to an existing GLSA.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2020-03-25 16:06:22 UTC
This issue was resolved and addressed in
 GLSA 202003-51 at https://security.gentoo.org/glsa/202003-51
by GLSA coordinator Thomas Deutschmann (whissi).