CVE-2016-2233

HIGH

Hexchat - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message.

Exploits (2)

exploitdb WORKING POC

by PizzaHatHacker · pythondosmultiple

https://www.exploit-db.com/exploits/39657

View Code ZIP pw:eip

nomisec WORKING POC

by fath0218 · poc

https://github.com/fath0218/CVE-2016-2233

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/39657/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95920

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/136563/Hexchat-IRC-Client-2.11.0-CAP-LS-Handling-Buffer-Overflow.html

Scores

CVSS v3 7.5

EPSS 0.1442

EPSS Percentile 94.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-119

Status published

Products (1)

hexchat_project/hexchat 2.10.2

Published Jan 18, 2017

Tracked Since Feb 18, 2026