CVE-2013-7449

EUVD-2013-7213
The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.10
xchatxchat
-
xchatxchat_gnome
-
hexchat_projecthexchat
𝑥
≤ 2.10.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
hexchat
bookworm
2.16.1-1
fixed
bullseye
2.14.3-6+deb11u1
fixed
jessie
no-dsa
sid
2.16.2-1
fixed
squeeze
no-dsa
trixie
2.16.2-1
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
hexchat
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
precise
dne
trusty
Fixed 2.9.6.1-2ubuntu0.1
released
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
xchat
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
precise
ignored
trusty
dne
wily
ignored
xenial
dne
yakkety
dne
zesty
dne
xchat-gnome
artful
not-affected
bionic
dne
cosmic
dne
disco
dne
precise
Fixed 1:0.30.0~git20110821.e2a400-0.2ubuntu4.3
released
trusty
Fixed 1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12.2
released
wily
Fixed 1:0.30.0~git20141005.816798-0ubuntu6.2
released
xenial
not-affected
yakkety
dne
zesty
dne
Common Weakness Enumeration
References
http://hexchat.readthedocs.org/en/latest/changelog.html
http://www.ubuntu.com/usn/USN-2945-1
https://bugzilla.redhat.com/show_bug.cgi?id=1081839
https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d
https://github.com/hexchat/hexchat/issues/524
http://hexchat.readthedocs.org/en/latest/changelog.html
http://www.ubuntu.com/usn/USN-2945-1
https://bugzilla.redhat.com/show_bug.cgi?id=1081839
https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d
https://github.com/hexchat/hexchat/issues/524