Medium severity6.5NVD Advisory· Published Apr 21, 2016· Updated May 6, 2026

CVE-2013-7449

Description

The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected products

Canonical/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Xchat/Xchat
cpe:2.3:a:xchat:xchat:-:*:*:*:*:*:*:*
Xchat/Xchat Gnome
cpe:2.3:a:xchat:xchat_gnome:-:*:*:*:*:*:*:*
Hexchat Project/Hexchat
cpe:2.3:a:hexchat_project:hexchat:*:*:*:*:*:*:*:*
Range: <=2.10.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000