CVE-2016-2087

HexChat 2.11.0 contains a directory traversal vulnerability in the client that allows a remote IRC server to read or modify arbitrary files via a ... in the server name. Multiple connected advisories confirm affected software and fixed/mitigation status: OSV and Debian advisories indicate the iss...

CVE-2013-7449

The CVE-2013-7449 issue affects HexChat (before 2.10.2), XChat, and XChat-GNOME, where ssl_do_connect in common/server.c fails to verify that the server hostname matches a domain in the X.509 certificate. This allows MITM attackers to spoof SSL servers using arbitrary valid certificates. The root...

CVE-2016-2233

CVE-2016-2233 affects HexChat 2.10.2, with a stack-based buffer overflow in inbound_cap_ls (common/inbound.c) that allows remote IRC servers to crash the client by sending many CAP LS options. This is documented across multiple feeds (NVD, OSV, Debian tracker, CNVD, CVE lists) confirming the vuln...