Hexchat Project Hexchat vulnerabilities
3 known vulnerabilities affecting hexchat_project/hexchat.
Total CVEs: 3
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2016-2233 | P3 | HIGH | CVSS 7.5 | PoC | v2.10.2 | 2017-01-18
CVE-2016-2233 [HIGH] CWE-119
Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message.
nvd, osv
CVE-2016-2087 | P3 | HIGH | CVSS 7.4 | PoC | v2.11.0 | 2017-01-18
CVE-2016-2087 [HIGH] CWE-22
Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.
nvd, osv
CVE-2013-7449 | P4 | MEDIUM | CVSS 6.5 | ≤ 2.10.1 | 2016-04-21
CVE-2013-7449 [MEDIUM] CWE-310
The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
nvd, osv