Published: 18/01/2017 Updated: 03/02/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hexchat project hexchat 2.10.2

#!/usr/bin/python # #################### # Meta information # #################### # Exploit Title: Hexchat IRC client - CAP LS Handling Stack Buffer Overflow # Date: 2016-02-07 # Exploit Author: PizzaHatHacker # Vendor Homepage: hexchatgithubio/indexhtml # Software Link: hexchatgithubio/downloadshtml # Version: 2110 # Teste ...

Hexchat IRC client version 2110 suffers from a stack buffer overflow vulnerability ...

This is an exploitation guide for CVE-2016-2233

CVE-2016-2233 CVE-2016-2233 is a stack-based buffer overflow vulnerability related with a wide-used IRC software Hexchat We build a IRC server and launch the attack on it to make all the client connected to the server crash We exploited our attack on Ubuntu 1204 using Python We make a patch to fix the vulnerability and prove it indeed works by various tests How to install

CWE-119 https://www.exploit-db.com/exploits/39657/http://packetstormsecurity.com/files/136563/Hexchat-IRC-Client-2.11.0-CAP-LS-Handling-Buffer-Overflow.html http://www.securityfocus.com/bid/95920 https://nvd.nist.gov https://github.com/fath0218/CVE-2016-2233 https://www.exploit-db.com/exploits/39657/

CVE-2016-2233

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect