Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-2367

Опубликовано: 06 янв. 2017
Источник: debian
EPSS Низкий

Описание

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
pidginfixed2.11.0-1package

Примечания

  • http://www.talosintel.com/reports/TALOS-2016-0135/

  • http://www.pidgin.im/news/security/?id=100

  • https://bitbucket.org/pidgin/main/commits/5e3601f8bde4

  • https://bitbucket.org/pidgin/main/commits/1c5197a66760

  • https://bitbucket.org/pidgin/main/commits/648f667a679c

EPSS

Процентиль: 83%
0.01948
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2016-2367

CVSS3: 5.9
ubuntu
около 9 лет назад

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user.

redhat логотип

CVE-2016-2367

CVSS3: 4.8
redhat
больше 9 лет назад

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user.

nvd логотип

CVE-2016-2367

CVSS3: 5.9
nvd
около 9 лет назад

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user.

github логотип

GHSA-cwh8-g5rj-527r

CVSS3: 5.9
github
больше 3 лет назад

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user.

suse-cvrf логотип

SUSE-SU-2016:2416-1

suse-cvrf
больше 9 лет назад

Security update for pidgin

EPSS

Процентиль: 83%
0.01948
Низкий