Bug 1020738 – VUL-1: CVE-2016-2233: hexchat: Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.cin

Bug 1020738 - (CVE-2016-2233) VUL-1: CVE-2016-2233: hexchat: Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.cin

(CVE-2016-2233)
Summary:	VUL-1: CVE-2016-2233: hexchat: Stack-based buffer overflow in the inbound_cap...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/178854/
Whiteboard:	CVSSv3:NVD:CVE-2016-2233:7.5:(AV:N/AC...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-01-18 22:02 UTC by Andreas Stieger
Modified:	2020-05-12 13:55 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2017-01-18 22:02:07 UTC

Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c
in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash)
via a large number of options in a CAP LS message.

Exploit at https://packetstormsecurity.com/files/136563/Hexchat-IRC-Client-2.11.0-CAP-LS-Handling-Buffer-Overflow.html

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2233
https://www.exploit-db.com/exploits/39657/
http://packetstormsecurity.com/files/136563/Hexchat-IRC-Client-2.11.0-CAP-LS-Handling-Buffer-Overflow.html

Comment 1 Andreas Stieger 2017-01-18 22:15:40 UTC

No patch found upstream for this issue.

Comment 2 Swamp Workflow Management 2017-01-18 23:00:57 UTC

bugbot adjusting priority

Comment 3 Andreas Stieger 2017-01-19 09:37:54 UTC

Adjust rating. Requires connection to a malicious server. VUL-1

Comment 4 Andreas Stieger 2017-01-19 09:50:29 UTC

https://github.com/hexchat/hexchat/issues/1934

Comment 5 Andreas Stieger 2017-01-19 15:28:53 UTC

https://github.com/hexchat/hexchat/commit/4e061a43b3453a9856d34250c3913175c45afe9d

Comment 6 Andreas Stieger 2017-01-19 15:33:55 UTC

Fixed in v2.12.4, v2.12.0
SUSE:SLE-12-SP1:Update/hexchat affected
SUSE:SLE-12-SP2:Update/hexchat not affected
openSUSE:Leap:42.1:Update affected
openSUSE:Leap:42.2:Update not affected

Comment 8 Marcus Meissner 2017-02-14 14:10:28 UTC

bug would trigger fortify overflow checker if encountered.

Comment 9 Bernhard Wiedemann 2017-03-02 07:01:23 UTC

This is an autogenerated message for OBS integration:
This bug (1020738) was mentioned in
https://build.opensuse.org/request/show/461766 42.1 / hexchat

Comment 11 Jonathan Kang 2017-03-08 02:58:21 UTC

fixed

Comment 12 Johannes Segitz 2018-03-16 09:22:34 UTC

please don't close security bugs. Assign them to security-team@suse.de once you're done

Comment 13 Alexandros Toptsoglou 2020-05-12 13:54:37 UTC

SLE12 and SLE15 ship an already fixed version. Closing

Comment 14 Alexandros Toptsoglou 2020-05-12 13:55:31 UTC

(In reply to Alexandros Toptsoglou from comment #13)
> SLE12 and SLE15 ship an already fixed version. Closing

Correction: SLE12-SP2 and SLE15 ship an already fixed version. SLE12 is EOL.