CVE-2011-5129

XChat < 2.8.9 - Heap-Based Buffer Overflow via Long Response String

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5129. PoCs published by Jane Doe.

AI-analyzed exploit summary This exploit triggers a heap overflow in XChat (versions <= 2.8.9) by sending a malformed IRC server response. It requires a minimum of 1537 ASCII value 20 characters followed by additional data to crash the client.

Description

Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jane Doe · pythondoslinux
https://www.exploit-db.com/exploits/18159

This exploit triggers a heap overflow in XChat (versions <= 2.8.9) by sending a malformed IRC server response. It requires a minimum of 1537 ASCII value 20 characters followed by additional data to crash the client.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: XChat <= 2.8.9
No auth needed
Prerequisites: XChat client connected to a malicious IRC server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/50820
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027468
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/77629
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18159

Scores

EPSS 0.0770
EPSS Percentile 93.8%

Details

CWE
CWE-119
Status published
Products (47)
xchat/xchat 1.2.1
xchat/xchat 1.3.9
xchat/xchat 1.3.10
xchat/xchat 1.3.11
xchat/xchat 1.3.12
xchat/xchat 1.3.13
xchat/xchat 1.4
xchat/xchat 1.4.1
xchat/xchat 1.4.2
xchat/xchat 1.4.3
... and 37 more
Published Aug 30, 2012
Tracked Since Feb 18, 2026