PT-2017-7995 · Hexchat · Hexchat

Pizzahathacker

Published

2017-01-18

Updated

2020-10-06

CVE-2016-2087

CVSS v3.1

7.4

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions HexChat version 2.11.0

Description A directory traversal issue exists in the client, allowing remote IRC servers to read or modify arbitrary files by including a .. (dot dot) in the server name.

Recommendations For HexChat version 2.11.0, update to a newer version that contains a fix for this issue.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2016-2087

DLA-1050-1

SUSE-SU-2020:2872-1

Affected Products

Hexchat

PT-2017-7995 · Hexchat · Hexchat

CVE-2016-2087

Weakness Enumeration

Related Identifiers

Affected Products

References · 15