N/A

The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

N/A

N/A

HexChat、XChat和XChat-GNOME 安全漏洞

HexChat（前称XChat-WDK）、XChat和XChat-GNOME都是IRC（一种通过网络的即时聊天方式）通讯软件。XChat是俄国软件开发者Peter Zelezny（Zed）所研发的开源的通讯软件；XChat-GNOME是一个用于GNOME桌面的通讯软件。HexChat是基于XChat开发的，与XChat不同处在于它在Windows和类Unix系统下都是完全自由的软件。 HexChat 2.10.2之前版本、XChat和XChat-GNOME的common/server.c文件中的‘ssl_

N/A

N/A