CVE-2012-0828 — Out-of-bounds Write in Xchat-wdk

CWE-787 — Out-of-bounds Write CWE-172 — Encoding Error CWE-122 — Heap-based Buffer Overflow5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

5.9%

top 9.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xchat-wdk Xchat Xchat Xchat-wdk +1 more

Timeline

PublishedFeb 21

Latest updateApr 23

Description

Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶NVDxchat/xchat< 2.8.6

▶NVDxchat-wdk/xchat-wdk< 1499-4

▶CVEListV5xchat/xchat2.8.6 on Maemo architecture

▶CVEListV5xchat/xchat-wdkbefore 1499-4 (2012-01-18)

▶NVDgnome/gtk4 versions+3

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-pcc3-c79c-gx8x: Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2↗2022-04-23

▶

CVEList

CVE-2012-0828: Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2↗2020-02-21

▶

📋Vendor Advisories

Red Hat

xchat: Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP↗2012-01-17

▶

💬Community

Bugzilla

CVE-2012-0828 xchat: Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP↗2012-02-01

▶