vulnerability
Ubuntu: (CVE-2013-7449): hexchat vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Apr 21, 2016 | Nov 19, 2024 | Jan 23, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Apr 21, 2016
Added
Nov 19, 2024
Modified
Jan 23, 2025
Description
The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Solutions
ubuntu-upgrade-hexchatubuntu-upgrade-xchat-gnome
References
- CVE-2013-7449
- https://attackerkb.com/topics/CVE-2013-7449
- URL-http://seclists.org/oss-sec/2015/q1/342
- URL-http://seclists.org/oss-sec/2016/q2/17
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1081839
- URL-https://github.com/hexchat/hexchat/issues/524
- URL-https://launchpad.net/bugs/1565000
- URL-https://www.cve.org/CVERecord?id=CVE-2013-7449
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.