A heap-based buffer overflow flaw was found in the way xchat, a graphical IRC chat client, processed one line of text received from the server, when the text contained Unicode characters and some of the characters were outside of the Basic Multilingual Plane (BMP). A remote attacker could provide a specially-crafted Unicode string as an xchat channel or private message, which once processed would lead to denial of service (xchat client crash), or, potentially, arbitrary code execution with the privileges of the user running the xchat client.

References:
[1] http://code.google.com/p/xchat-wdk/issues/detail?id=132
[2] http://code.google.com/p/xchat-wdk/issues/detail?id=134
[3] http://code.google.com/p/xchat-wdk/issues/detail?id=135

Xchat-WDK upstream changelog:
[4] http://www.xchat-wdk.org/home/changelog
part:
* 1499-4 (2012-01-18) add Non-BMP plugin to avoid client crashes

Particular Xchat-WDK upstream patch:
[5] http://lwsitu.com/xchat/replace_non-bmp.diff

Note:
-----
This issue has been reported to affect xchat-v2.8.6 on Maemo architecture too.
This issue did NOT affect the versions of xchat package, as shipped with Red Hat Enterprise Linux 4, 5, and 6.

--

This issue did NOT affect the versions of the xchat package, as shipped with Fedora release of 15 and 16.
CVE request (for Xchat-WDK on MS Windows 7 and Xchat-v2.8.6 on Maemo architecture): [6] http://www.openwall.com/lists/oss-security/2012/02/01/4
Statement: Not vulnerable. This issue did not affect the versions of xchat as shipped with Red Hat Enterprise Linux 4, 5, and 6.
CVE-2012-0828 was assigned to this flaw [1].

[1] http://www.openwall.com/lists/oss-security/2012/02/01/9
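
The changelog entry and patch name cited in the report point to filtering non-BMP characters out of incoming text. As an added illustration (not the Xchat-WDK patch and not code from this report), the C filter below replaces every UTF-8 sequence for a code point above U+FFFF with U+FFFD under an explicit output bound; the function name, error value and sample message are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NONBMP_ERR ((size_t)-1)   /* hypothetical error value for this example */

/* Copy UTF-8 text from in to out. Any sequence starting with a byte of 0xF0
 * or above (4-byte leads, which encode code points beyond U+FFFF, and bytes
 * that are invalid in UTF-8) is replaced by U+FFFD. Returns the number of
 * bytes written, or NONBMP_ERR if out_cap is too small. */
size_t replace_non_bmp(const unsigned char *in, size_t in_len,
                       unsigned char *out, size_t out_cap)
{
    static const unsigned char fffd[3] = { 0xEF, 0xBF, 0xBD };
    size_t i = 0, o = 0;

    while (i < in_len) {
        if (in[i] < 0xF0) {            /* ASCII or part of a BMP sequence */
            if (o >= out_cap)
                return NONBMP_ERR;
            out[o++] = in[i++];
            continue;
        }
        /* Skip the lead and at most 3 continuation bytes. A truncated
         * sequence is shorter than its 3-byte replacement, so the output
         * can grow and the bound is checked, never assumed. */
        i++;
        for (int n = 0; n < 3 && i < in_len && (in[i] & 0xC0) == 0x80; n++)
            i++;
        if (out_cap - o < sizeof fffd)
            return NONBMP_ERR;
        memcpy(out + o, fffd, sizeof fffd);
        o += sizeof fffd;
    }
    return o;
}

int main(void)
{
    /* Constructed sample: "hi ", U+1F600 (non-BMP), "!" */
    const unsigned char msg[] = { 'h', 'i', ' ', 0xF0, 0x9F, 0x98, 0x80, '!' };
    unsigned char out[sizeof msg * 3];
    size_t n = replace_non_bmp(msg, sizeof msg, out, sizeof out);
    if (n == NONBMP_ERR)
        return 1;
    printf("%zu bytes in, %zu bytes out\n", sizeof msg, n);
    return 0;
}
```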