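This page aggregates CVE and security vulnerability information across xchat-related products and lists CVSS, EPSS, publication dates, and vulnerability data.
Past issues mainly involve memory corruption and buffer overflows, some of which result in memory corruption, and they affect production workloads and software deployment scenarios.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |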
|---|---|---|---|---|---|---|
| CVE-2012-0828 | Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). | [email protected] | 9.8 | 4.18% | 2020-02-21 | 2024-11-21 |
| CVE-2013-7449 | The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | [email protected] | 6.5 | 0.76% | 2016-04-21 | 2026-05-06 |
| CVE-2011-5129 | Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string. | [email protected] | 5.0 | 7.70% | 2012-08-30 | 2026-04-29 |
| CVE-2009-0315 | Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | [email protected] | 6.9 | 0.37% | 2009-01-28 | 2026-04-23 |
| CVE-2008-2841 | Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI. | [email protected] | 6.8 | 15.38% | 2008-06-24 | 2026-04-23 |
| CVE-2006-4455 | Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6.7 "or any recent version" | [email protected] | 5.0 | 4.99% | 2006-08-30 | 2026-04-16 |
| CVE-2004-0409 | Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 to 2.0.8, with socks5 traversal enabled, allows remote attackers to execute arbitrary code. | [email protected] | 7.5 | 8.96% | 2004-06-01 | 2026-04-16 |
| CVE-2003-1000 | xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference. | [email protected] | 7.5 | 2.55% | 2004-01-05 | 2026-06-16 |
| CVE-2002-0382 | XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters. | [email protected] | 7.5 | 2.39% | 2002-06-25 | 2026-06-16 |
| CVE-2002-0006 | XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set. | [email protected] | 7.5 | 8.09% | 2002-06-25 | 2026-06-16 |
| CVE-2001-0792 | Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname. | [email protected] | 7.5 | 2.75% | 2001-10-18 | 2026-06-16 |
| CVE-2000-0787 | IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser. | [email protected] | 7.5 | 9.21% | 2000-10-20 | 2026-06-16 |