Bug 786391 (CVE-2012-0828)

Summary: CVE-2012-0828 xchat: Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aneelica, bressers, ddumas, fedora, jrusnack
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-09-05 06:52:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jan Lieskovsky 2012-02-01 10:25:21 UTC 
A heap-based buffer overflow flaw was found in the way xchat, graphical IRC chat client, processed one line of text received from the server, when the text contained Unicode characters and some of the characters were outside of the Basic Multilingual Plane (BMP). A remote attacker could provide a specially-crafted Unicode string as a xchat channel or private message, which once processed would lead to denial of service (xchat client crash), or, potentially arbitrary code execution with the privileges of the user running xchat client.

References:
[1] http://code.google.com/p/xchat-wdk/issues/detail?id=132
[2] http://code.google.com/p/xchat-wdk/issues/detail?id=134
[3] http://code.google.com/p/xchat-wdk/issues/detail?id=135

Xchat-WDK upstream changelog:
[4] http://www.xchat-wdk.org/home/changelog
    part:
    * 1499-4 (2012-01-18)

    add Non-BMP plugin to avoid client crashes

Particular Xchat-WDK upstream patch:
[5] http://lwsitu.com/xchat/replace_non-bmp.diff

Note:
-----
This issue has been reported to affect xchat-v2.8.6 on Maemo architecture too.
Comment 1 Jan Lieskovsky 2012-02-01 10:28:49 UTC 
This issue did NOT affect the versions of xchat package, as shipped with Red Hat Enterprise Linux 4, 5, and 6.

--

This issue did NOT affect the versions of the xchat package, as shipped with Fedora release of 15 and 16.
Comment 2 Jan Lieskovsky 2012-02-01 11:02:54 UTC 
CVE request (for Xchat-WDK on MS Windows 7 and Xchat-v2.8.6 on Maemo architecture):
[6] http://www.openwall.com/lists/oss-security/2012/02/01/4
Comment 3 Jan Lieskovsky 2012-02-01 11:04:32 UTC 
Statement:

Not vulnerable. This issue did not affect the versions of xchat as shipped
with Red Hat Enterprise Linux 4, 5, and 6.
Comment 5 Arun Babu Neelicattu 2014-09-05 06:52:45 UTC 
CVE-2012-0828 was assigned to this flaw [1].

[1] http://www.openwall.com/lists/oss-security/2012/02/01/9