CVE-2013-7449

The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Configurations

Configuration 1

OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

Configuration 2

OR
cpe:2.3:a:xchat:xchat:-:*:*:*:*:*:*:*
cpe:2.3:a:xchat:xchat_gnome:-:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:a:hexchat_project:hexchat:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:01

| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://hexchat.readthedocs.org/en/latest/changelog.html - Vendor Advisory | () http://hexchat.readthedocs.org/en/latest/changelog.html - Vendor Advisory |
| References | () http://www.ubuntu.com/usn/USN-2945-1 - | () http://www.ubuntu.com/usn/USN-2945-1 - |
| References | () https://bugzilla.redhat.com/show_bug.cgi?id=1081839 - | () https://bugzilla.redhat.com/show_bug.cgi?id=1081839 - |
| References | () https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d - | () https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d - |
| References | () https://github.com/hexchat/hexchat/issues/524 - | () https://github.com/hexchat/hexchat/issues/524 - |

Information

Published : 2016-04-21 14:59

Updated : 2024-11-21 02:01


NVD link : CVE-2013-7449

Mitre link : CVE-2013-7449

CVE.ORG link : CVE-2013-7449

Products Affected

canonical

  • ubuntu_linux

xchat

  • xchat_gnome
  • xchat

hexchat_project

  • hexchat

CWE

CWE-310: Cryptographic Issues