Bug 786391 (CVE-2012-0828) - CVE-2012-0828 xchat: Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP
Summary: CVE-2012-0828 xchat: Heap-based buffer overflow by processing UTF-8 line from...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2012-0828
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-01 10:25 UTC by Jan Lieskovsky
Modified: 2021-02-24 13:16 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-09-05 06:52:45 UTC
Embargoed:


Attachments (Terms of Use)

Description Jan Lieskovsky 2012-02-01 10:25:21 UTC
A heap-based buffer overflow flaw was found in the way xchat, graphical IRC chat client, processed one line of text received from the server, when the text contained Unicode characters and some of the characters were outside of the Basic Multilingual Plane (BMP). A remote attacker could provide a specially-crafted Unicode string as a xchat channel or private message, which once processed would lead to denial of service (xchat client crash), or, potentially arbitrary code execution with the privileges of the user running xchat client.

References:
[1] http://code.google.com/p/xchat-wdk/issues/detail?id=132
[2] http://code.google.com/p/xchat-wdk/issues/detail?id=134
[3] http://code.google.com/p/xchat-wdk/issues/detail?id=135

Xchat-WDK upstream changelog:
[4] http://www.xchat-wdk.org/home/changelog
    part:
    * 1499-4 (2012-01-18)

    add Non-BMP plugin to avoid client crashes

Particular Xchat-WDK upstream patch:
[5] http://lwsitu.com/xchat/replace_non-bmp.diff

Note:
-----
This issue has been reported to affect xchat-v2.8.6 on Maemo architecture too.

Comment 1 Jan Lieskovsky 2012-02-01 10:28:49 UTC
This issue did NOT affect the versions of xchat package, as shipped with Red Hat Enterprise Linux 4, 5, and 6.

--

This issue did NOT affect the versions of the xchat package, as shipped with Fedora release of 15 and 16.

Comment 2 Jan Lieskovsky 2012-02-01 11:02:54 UTC
CVE request (for Xchat-WDK on MS Windows 7 and Xchat-v2.8.6 on Maemo architecture):
[6] http://www.openwall.com/lists/oss-security/2012/02/01/4

Comment 3 Jan Lieskovsky 2012-02-01 11:04:32 UTC
Statement:

Not vulnerable. This issue did not affect the versions of xchat as shipped
with Red Hat Enterprise Linux 4, 5, and 6.

Comment 5 Arun Babu Neelicattu 2014-09-05 06:52:45 UTC
CVE-2012-0828 was assigned to this flaw [1].

[1] http://www.openwall.com/lists/oss-security/2012/02/01/9


Note You need to log in before you can comment on or make changes to this bug.