PatchSiren

Hexchat Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Hexchat Project CVE published 2017-01-18

CVE-2016-2233

CVE-2016-2233 is a stack-based buffer overflow in HexChat 2.10.2’s inbound_cap_ls function while handling CAP LS messages. A remote IRC server can trigger a crash by sending a CAP LS message with a large number of options. The NVD records the issue as CVSS 3.0 7.5 (High) with CWE-119, and the impact is denial of service rather than confidentiality or integrity loss.

HIGH Hexchat Project CVE published 2017-01-18

CVE-2016-2087

CVE-2016-2087 is a directory traversal vulnerability in the HexChat client, affecting HexChat 2.11.0. According to the NVD record, a remote IRC server could use ".." in the server name to reach files outside the intended directory scope, enabling arbitrary file read or modification on the client system. NVD rates the issue HIGH with CVSS 3.0 vector CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N.