Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-3696

Опубликовано: 22 окт. 2014
Источник: redhat
CVSS3: 4.3
CVSS2: 5
EPSS Низкий

Описание

nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.

A denial of service flaw was found in the way Pidgin parsed Groupwise server messages. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to cause Pidgin to consume an excessive amount of memory, possibly leading to a crash, by sending a specially crafted message.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5pidginWill not fix
Red Hat Enterprise Linux 6pidginWill not fix
Red Hat Enterprise Linux 7pidginFixedRHSA-2017:185401.08.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=1154910pidgin: denial of service parsing Groupwise server message

EPSS

Процентиль: 85%
0.02486
Низкий

4.3 Medium

CVSS3

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-3696

ubuntu
около 11 лет назад

nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.

nvd логотип

CVE-2014-3696

nvd
около 11 лет назад

nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.

debian логотип

CVE-2014-3696

debian
около 11 лет назад

nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidg ...

github логотип

GHSA-96p5-rvrv-9x22

github
больше 3 лет назад

nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.

suse-cvrf логотип

openSUSE-SU-2017:0925-1

suse-cvrf
больше 8 лет назад

Security update for pidgin

EPSS

Процентиль: 85%
0.02486
Низкий

4.3 Medium

CVSS3

5 Medium

CVSS2