CVE-2012-0828
published 2020-02-21
CVE-2012-0828: Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service…
Priority P354 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.18% (89.7th percentile)
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP).
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnome | gtk | — | — |
| gnome | gtk | — | — |
| gnome | gtk | — | — |
| gnome | gtk | — | — |
| xchat-wdk | xchat-wdk | < 1499-4 | 1499-4 |
| xchat | xchat | < 2.8.6 | 2.8.6 |
| xchat | xchat | — | — |
| xchat | xchat-wdk | — | — |
CVSS provenance
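| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 9.8 | CRITICAL | — |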
GHSA
GHSA-pcc3-c79c-gx8x [HIGH]: Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2
ghsa_unreviewed · 2022-04-23
Red Hat
xchat: Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP
vendor_redhat · 2012-01-17 · CVSS 9.8 · [CRITICAL] · CWE-172
Statement: Not vulnerable. This issue did not affect the versions of xchat as shipped with Red Hat Enterprise Linux 4, 5, and 6.
Package: xchat (Red Hat Enterprise Linux 4) - Not affected
Package: xchat (Red Hat Enterprise Linux 5) - Not affected
Package: xchat (Red Hat Enterprise Linux 6) - Not affected
No detection rules found.
No public exploits indexed.
References
http://www.openwall.com/lists/oss-security/2012/02/01/9
https://access.redhat.com/security/cve/cve-2012-0828
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0828
https://security-tracker.debian.org/tracker/CVE-2012-0828
Published: 2020-02-21