CVE-2016-2233

Name of the Vulnerable Software and Affected Versions HexChat version 2.10.2

Description The issue is a stack-based buffer overflow in the inbound cap ls function, which can be triggered by remote IRC servers sending a large number of options in a CAP LS message, leading to a denial of service (crash).

Recommendations For HexChat version 2.10.2, consider restricting the handling of CAP LS messages from remote IRC servers until a patch is available. As a temporary workaround, limiting the number of options accepted in a CAP LS message may help mitigate the risk of exploitation.