Описание
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.
An information disclosure flaw was discovered in the way Pidgin parsed XMPP messages. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to disclose a portion of memory belonging to the Pidgin process by sending a specially crafted XMPP message.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | pidgin | Will not fix | ||
| Red Hat Enterprise Linux 6 | pidgin | Will not fix | ||
| Red Hat Enterprise Linux 7 | pidgin | Fixed | RHSA-2017:1854 | 01.08.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS3
5 Medium
CVSS2
Связанные уязвимости
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.
The jabber_idn_validate function in jutil.c in the Jabber protocol plu ...
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.
EPSS
4.3 Medium
CVSS3
5 Medium
CVSS2