Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.
CVSS Details
- CVSS 3.0 Base Score: 7.4
- CVSS 3.0 Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Debian | debian-upgrade-hexchatdebian-upgrade-xchat | Feb 25, 2019 | Jan 18, 2017 | |
| Suse | — | suse-upgrade-hexchatsuse-upgrade-hexchat-lang | Feb 4, 2022 | Jan 18, 2017 |
| Ubuntu | no-fix-ubuntu-package | Jun 26, 2025 | Jan 18, 2017 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub