Xchat : Security Vulnerabilities, CVEs, CVSS score >= 7
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP).
Max CVSS
9.8
EPSS Score
1.97%
Published
2020-02-21
Updated
2020-03-05
Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 to 2.0.8, with socks5 traversal enabled, allows remote attackers to execute arbitrary code.
Max CVSS
7.5
EPSS Score
18.93%
Published
2004-06-01
Updated
2017-10-11
xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.
Max CVSS
7.5
EPSS Score
0.22%
Published
2004-01-05
Updated
2024-01-09
XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters.
Max CVSS
7.5
EPSS Score
1.11%
Published
2002-06-25
Updated
2016-10-18
XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set.
Max CVSS
7.5
EPSS Score
8.31%
Published
2002-06-25
Updated
2017-10-10
Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname.
Max CVSS
7.5
EPSS Score
1.11%
Published
2001-10-18
Updated
2017-10-10
IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser.
Max CVSS
7.5
EPSS Score
10.99%
Published
2000-10-20
Updated
2008-09-10
7 vulnerabilities found