CVE-2020-9760: 
NixOS vulnerability analysis and mitigation

A buffer overflow vulnerability (CVE-2020-9760) was discovered in WeeChat versions 0.3.4 through 2.7. The vulnerability occurs when a new IRC message 005 is received with longer nick prefixes, which can trigger a buffer overflow and potentially cause a crash when a new mode is set for a nick (Weechat Security, NVD).

The vulnerability is classified with a CVSS v3.1 Base Score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue is categorized as a buffer overflow vulnerability (CWE-120: Buffer Copy without Checking Size of Input). When processing IRC message 005 containing longer nick prefixes, the application fails to properly validate the input size, leading to a buffer overflow condition (NVD).

The exploitation of this vulnerability could result in a buffer overflow and application crash, potentially leading to a denial of service condition. The vulnerability affects the core functionality of the IRC client when processing certain message types (Gentoo Security).

The vulnerability was fixed in WeeChat version 2.7.1. Users are strongly recommended to upgrade to this version or later as there are no known workarounds for this vulnerability. Various distributions have released security updates to address this issue, including Debian and Gentoo (Debian LTS, Gentoo Security).