CVE-2016-2233

HIGH

HexChat 2.10.2 - Denial of Service via CAP LS Message Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-2233. PoCs published by PizzaHatHacker, fath0218.

AI-analyzed exploit summary: This exploit demonstrates a stack buffer overflow in HexChat IRC client by sending a maliciously crafted CAP LS message with repeated options, causing a crash due to overflow in the fixed-size buffer.

Description

Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message.

Exploits (2)

exploitdb WORKING POC
by PizzaHatHacker · python · dos · multiple
https://www.exploit-db.com/exploits/39657

This exploit demonstrates a stack buffer overflow in HexChat IRC client by sending a maliciously crafted CAP LS message with repeated options, causing a crash due to overflow in the fixed-size buffer.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: HexChat IRC client 2.11.0 and 2.10.2
No auth needed
Prerequisites: Network access to the target HexChat client · Ability to set up a malicious IRC server or intercept IRC traffic
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by fath0218 · poc
https://github.com/fath0218/CVE-2016-2233

This repository contains a functional exploit for CVE-2016-2233, a stack-based buffer overflow in HexChat's IRC client. The exploit involves sending a crafted CAP LS message with repeated options to overflow a fixed-size buffer, causing a crash.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: HexChat 2.10.2 and 2.11.0
No auth needed
Prerequisites: HexChat client connected to a malicious IRC server
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39657/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95920

Scores

CVSS v3 7.5
EPSS 0.3465
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE CWE-119
Status published
Products (1)
hexchat_project/hexchat 2.10.2
Published Jan 18, 2017
Tracked Since Feb 18, 2026