CVE-2013-7449

Name of the Vulnerable Software and Affected Versions HexChat versions prior to 2.10.2 XChat (affected versions not specified) XChat-GNOME (affected versions not specified)

Description The issue is related to the ssl do connect function in common/server.c, which fails to verify that the server hostname matches a domain name in the X.509 certificate. This allows attackers to spoof SSL servers via an arbitrary valid certificate, enabling man-in-the-middle attacks.

Recommendations For HexChat versions prior to 2.10.2, update to version 2.10.2 or later. For XChat and XChat-GNOME, at the moment, there is no information about a newer version that contains a fix for this vulnerability.