Title: XChat Server Strings Buffer Overflow Vulnerability
Severity: HIGH
Description:
XChat is a freely available, open source IRC client. It is available for the the Unix, Linux, and Microsoft Windows platforms.
XChat IRC client has been reported vulnerable, under certain circumstances, to a buffer overflow condition.
It has been reported that due to a lack of both, sufficient bounds checking and string termination, two malformed non-terminated server supplied strings may be stored contiguously in a fixed internal memory buffer.
As a result of this, a malicious IRC server may be used to pass excessive data to the client and overwrite memory adjacent to the deficient buffer. If this memory contains crucial saved program state values the attacker may be able to influence the programs' flow and execute arbitrary code.
Any code successfully executed would be in the context of the user running the vulnerable IRC application.
This vulnerability was reported to affect XChat version 2.0.1 other versions may also be affected.
Affected Products:
- X-Chat X-Chat 2.0.1
References:
- X-Chat: X-Chat
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
