Bug 1020738 - (CVE-2016-2233) VUL-1: CVE-2016-2233: hexchat: Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Importance: P3 - Medium : Normal
Assigned To: Security Team bot
Reported: 2017-01-18 22:02 UTC by Andreas Stieger
Modified: 2020-05-12 13:55 UTC (History)
Found By: Security Response Team
Description Andreas Stieger 2017-01-18 22:02:07 UTC
Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c
in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash)
via a large number of options in a CAP LS message.

Exploit at https://packetstormsecurity.com/files/136563/Hexchat-IRC-Client-2.11.0-CAP-LS-Handling-Buffer-Overflow.html
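
Added example, not part of the bug report and not HexChat's code: a fixed-size stack buffer filled from a server-supplied option list stays in bounds when the remaining space is checked before every append. The names `build_cap_req` and `append_token`, the 256-byte buffer and the capability list are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: append tok (len bytes) to the NUL-terminated string
 * in dst[cap], space-separated, only if it fits whole. 0 = ok, -1 = rejected. */
static int append_token(char *dst, size_t cap, const char *tok, size_t len)
{
    size_t used = strlen(dst);
    size_t need = len + (used ? 1 : 0);   /* token plus separator */
    if (need >= cap - used)               /* must leave room for the NUL */
        return -1;
    if (used)
        dst[used++] = ' ';
    memcpy(dst + used, tok, len);
    dst[used + len] = '\0';
    return 0;
}

/* Copy the capabilities we support from a server-supplied, space-separated
 * list into out[cap]. Returns how many supported tokens were dropped for
 * lack of space (-1 if cap is 0), so the caller can react. */
int build_cap_req(const char *ls, char *out, size_t cap)
{
    /* constructed sample set of supported capabilities */
    static const char *const wanted[] = { "multi-prefix", "away-notify", "sasl" };
    int dropped = 0;
    if (cap == 0)
        return -1;
    out[0] = '\0';
    while (*ls) {
        size_t len = strcspn(ls, " ");
        for (size_t i = 0; i < sizeof wanted / sizeof *wanted; i++)
            if (strlen(wanted[i]) == len && memcmp(ls, wanted[i], len) == 0) {
                if (append_token(out, cap, ls, len) != 0)
                    dropped++;
                break;
            }
        ls += len;
        ls += strspn(ls, " ");
    }
    return dropped;
}

int main(void)
{
    char req[256];   /* assumed fixed-size stack buffer */
    int dropped = build_cap_req("multi-prefix foo sasl", req, sizeof req);
    printf("CAP REQ :%s (dropped %d)\n", req, dropped);
    return 0;
}
```

A non-zero return value means the server offered more matching options than the buffer can hold, which the caller can log or treat as a protocol error.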

Comment 1 Andreas Stieger 2017-01-18 22:15:40 UTC
No patch found upstream for this issue.
Comment 2 Swamp Workflow Management 2017-01-18 23:00:57 UTC
bugbot adjusting priority
Comment 3 Andreas Stieger 2017-01-19 09:37:54 UTC
Adjust rating. Requires connection to a malicious server. VUL-1
Comment 4 Andreas Stieger 2017-01-19 09:50:29 UTC
Comment 6 Andreas Stieger 2017-01-19 15:33:55 UTC
Fixed in v2.12.4, v2.12.0
SUSE:SLE-12-SP1:Update/hexchat affected
SUSE:SLE-12-SP2:Update/hexchat not affected
openSUSE:Leap:42.1:Update affected
openSUSE:Leap:42.2:Update not affected
Comment 8 Marcus Meissner 2017-02-14 14:10:28 UTC
Bug would trigger fortify overflow checker if encountered.
Comment 9 Bernhard Wiedemann 2017-03-02 07:01:23 UTC
This is an autogenerated message for OBS integration:
This bug (1020738) was mentioned in
https://build.opensuse.org/request/show/461766 42.1 / hexchat
Comment 11 Jonathan Kang 2017-03-08 02:58:21 UTC
Comment 12 Johannes Segitz 2018-03-16 09:22:34 UTC
Please don't close security bugs. Assign them to security-team@suse.de once you're done.
Comment 13 Alexandros Toptsoglou 2020-05-12 13:54:37 UTC
SLE12 and SLE15 ship an already fixed version. Closing
Comment 14 Alexandros Toptsoglou 2020-05-12 13:55:31 UTC
(In reply to Alexandros Toptsoglou from comment #13)
> SLE12 and SLE15 ship an already fixed version. Closing

Correction: SLE12-SP2 and SLE15 ship an already fixed version. SLE12 is EOL.