Buffer Overflow in HexChat 2.9.4

6 minute read Apr 6, 2013 Comments
A buddy of mine, Mulitia, and I were talking about 0-days, and he mentioned finding one in Hex-Chat, a popular IRC client. It was super low severity, but still neat. If you entered “/server ” followed by 20,000 random characters, the application died. I decided to try to make a working exploit out of this for fun. I contacted HexChat, by initialling going into the #hexchat channel on irc.freenode.net and trying to find a security contact.