PT-2016-5137 · Pidgin+3 · Pidgin+3

Yves Younan

Publicado

2016-06-23

Atualizado

2025-04-20

CVE-2016-2367

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Pidgin (affected versions not specified)

Description An information leak exists in the handling of the MXIT protocol. Specially crafted MXIT data sent via the server could result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar, triggering an out-of-bounds read. This could result in a denial of service or copy data from memory to the file, leading to an information leak if the avatar is sent to another user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Information Disclosure

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-125

Identificadores relacionados

ALT-PU-2016-1727

CVE-2016-2367

DLA-542-1

DSA-3620-1

MGASA-2016-0236

SUSE-SU-2016:2416-1

SUSE-SU-2016_2416-1

USN-3031-1

Produtos afetados

Alt Linux

Pidgin

Suse

Ubuntu

PT-2016-5137 · Pidgin+3 · Pidgin+3

CVE-2016-2367

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 64