CVE-2016-2233 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hexchat Project	Hexchat	2.10.2

Related Weaknesses (CWE)

CWE-119

References

http://packetstormsecurity.com/files/136563/Hexchat-IRC-Client-2.11.0-CAP-LS-HanExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/95920
https://www.exploit-db.com/exploits/39657/ExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/136563/Hexchat-IRC-Client-2.11.0-CAP-LS-HanExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/95920
https://www.exploit-db.com/exploits/39657/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2016-2233?

CVE-2016-2233 is a vulnerability with a CVSS score of 7.5 (HIGH). Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP L...

How severe is CVE-2016-2233?

CVE-2016-2233 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2233?

Check the references section above for vendor advisories and patch information. Affected products include: Hexchat Project Hexchat.