CVE-2011-5129 : Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to

Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string.

Published 2012-08-30 22:55:04

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Products affected by CVE-2011-5129

Xchat » Xchat
Versions up to, including, (<=) 2.8.9
cpe:2.3:a:xchat:xchat:*:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.3.13
cpe:2.3:a:xchat:xchat:1.3.13:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.4
cpe:2.3:a:xchat:xchat:1.4:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.2.1
cpe:2.3:a:xchat:xchat:1.2.1:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.3.10
cpe:2.3:a:xchat:xchat:1.3.10:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.3.11
cpe:2.3:a:xchat:xchat:1.3.11:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.3.12
cpe:2.3:a:xchat:xchat:1.3.12:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.4.2
cpe:2.3:a:xchat:xchat:1.4.2:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.5.6
cpe:2.3:a:xchat:xchat:1.5.6:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.3.9
cpe:2.3:a:xchat:xchat:1.3.9:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.4.1
cpe:2.3:a:xchat:xchat:1.4.1:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.4.3
cpe:2.3:a:xchat:xchat:1.4.3:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.0.6
cpe:2.3:a:xchat:xchat:2.0.6:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.8.4
cpe:2.3:a:xchat:xchat:1.8.4:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.8.5
cpe:2.3:a:xchat:xchat:1.8.5:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.8.6
cpe:2.3:a:xchat:xchat:1.8.6:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.9.3
cpe:2.3:a:xchat:xchat:1.9.3:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.9.4
cpe:2.3:a:xchat:xchat:1.9.4:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.0.1
cpe:2.3:a:xchat:xchat:2.0.1:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.0.2
cpe:2.3:a:xchat:xchat:2.0.2:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.8.0
cpe:2.3:a:xchat:xchat:1.8.0:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.8.1
cpe:2.3:a:xchat:xchat:1.8.1:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.8.9
cpe:2.3:a:xchat:xchat:1.8.9:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.9.0
cpe:2.3:a:xchat:xchat:1.9.0:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.9.7
cpe:2.3:a:xchat:xchat:1.9.7:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.9.8
cpe:2.3:a:xchat:xchat:1.9.8:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.0.5
cpe:2.3:a:xchat:xchat:2.0.5:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.8.7
cpe:2.3:a:xchat:xchat:1.8.7:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.8.8
cpe:2.3:a:xchat:xchat:1.8.8:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.9.5
cpe:2.3:a:xchat:xchat:1.9.5:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.9.6
cpe:2.3:a:xchat:xchat:1.9.6:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.0.3
cpe:2.3:a:xchat:xchat:2.0.3:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.0.4
cpe:2.3:a:xchat:xchat:2.0.4:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.8.2
cpe:2.3:a:xchat:xchat:1.8.2:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.8.3
cpe:2.3:a:xchat:xchat:1.8.3:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.9.1
cpe:2.3:a:xchat:xchat:1.9.1:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.9.2
cpe:2.3:a:xchat:xchat:1.9.2:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 1.9.9
cpe:2.3:a:xchat:xchat:1.9.9:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.0.0
cpe:2.3:a:xchat:xchat:2.0.0:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.0.7
cpe:2.3:a:xchat:xchat:2.0.7:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.0.8
cpe:2.3:a:xchat:xchat:2.0.8:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.7 Update A
cpe:2.3:a:xchat:xchat:2.8.7:a:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.6
cpe:2.3:a:xchat:xchat:2.8.6:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.1
cpe:2.3:a:xchat:xchat:2.8.1:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.0
cpe:2.3:a:xchat:xchat:2.8.0:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.8
cpe:2.3:a:xchat:xchat:2.8.8:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.7 Update F
cpe:2.3:a:xchat:xchat:2.8.7:f:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.5 Update E
cpe:2.3:a:xchat:xchat:2.8.5:e:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.5 Update B
cpe:2.3:a:xchat:xchat:2.8.5:b:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.7 Update E
cpe:2.3:a:xchat:xchat:2.8.7:e:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.7 Update D
cpe:2.3:a:xchat:xchat:2.8.7:d:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.4
cpe:2.3:a:xchat:xchat:2.8.4:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.3 Update E
cpe:2.3:a:xchat:xchat:2.8.3:e:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.7b
cpe:2.3:a:xchat:xchat:2.8.7b:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.7 Update C
cpe:2.3:a:xchat:xchat:2.8.7:c:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.7 Update B
cpe:2.3:a:xchat:xchat:2.8.7:b:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.3 Update C
cpe:2.3:a:xchat:xchat:2.8.3:c:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.8.3
cpe:2.3:a:xchat:xchat:2.8.3:*:*:*:*:*:*:*
Matching versions
Xchat » Xchat » Version: 2.6.7
cpe:2.3:a:xchat:xchat:2.6.7:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-5129

EPSS FAQ

24.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 96 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-5129

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2011-5129

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-5129

http://www.osvdb.org/77629

404 Not Found
http://packetstormsecurity.org/files/107312/xchat-dos.txt

XChat 2.8.9 Heap Overflow ≈ Packet Storm
Exploit
http://www.securitytracker.com/id?1027468

XChat Heap Overflow Lets Remote Users Deny Service - SecurityTracker
http://www.securityfocus.com/bid/50820

XChat Remote Denial of Service Vulnerability
Exploit
http://www.exploit-db.com/exploits/18159

XChat 2.8.9 - Heap Overflow Denial of Service - Linux dos Exploit
Exploit

Jump to

Vulnerability Details : CVE-2011-5129

Products affected by CVE-2011-5129

Exploit prediction scoring system (EPSS) score for CVE-2011-5129

CVSS scores for CVE-2011-5129

CWE ids for CVE-2011-5129

References for CVE-2011-5129