CVE-2013-7449

The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:xchat:xchat:-:*:*:*:*:*:*:*
cpe:2.3:a:xchat:xchat_gnome:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:hexchat_project:hexchat:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-04-21 14:59

Updated : 2024-02-28 15:21


NVD link : CVE-2013-7449

Mitre link : CVE-2013-7449

CVE.ORG link : CVE-2013-7449


JSON object : View

Products Affected

hexchat_project

  • hexchat

canonical

  • ubuntu_linux

xchat

  • xchat_gnome
  • xchat
CWE
CWE-310

Cryptographic Issues