vulnerability

Arch Linux: Arbitrary code execution (CVE-2020-9760)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Mar 23, 2020	Jul 11, 2025	Nov 27, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Mar 23, 2020

Added

Jul 11, 2025

Modified

Nov 27, 2025

Description

A heap-based out-of-bounds write has been found in Weechat before 2.7.1, when a new IRC message 005 is received with longer nick prefixes. It could lead to writing out of the allocated prefixes array when setting a prefix, resulting in denial of service (crash) or even arbitrary code execution.

Solution

arch-linux-upgrade-latest

References

CVE-2020-9760
https://attackerkb.com/topics/CVE-2020-9760
URL-https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f
URL-https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html
URL-https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html
URL-https://security.archlinux.org/ASA-202002-12
URL-https://security.gentoo.org/glsa/202003-51
URL-https://weechat.org/doc/security/
URL-https://weechat.org/news/113/20200220-Version-2.7.1-security-release/
CWE-120

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today