PT-2016-4495 · Pidgin+1 · Pidgin+1

Published 2016-06-21 · Updated 2018-11-14 · CVE-2016-1000030

CVSS v3.1

9.8 Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Pidgin versions prior to 2.11.0

Description

The issue is related to improper checks of return values from the gnutls_x509_crt_init() and gnutls_x509_crt_import() functions when importing X.509 certificates, potentially leading to code execution. This can be exploited via a custom X.509 certificate from another client.

Recommendations

For versions prior to 2.11.0, update to version 2.11.0 to resolve the issue. As a temporary workaround, consider restricting the import of X.509 certificates from untrusted sources until the update is applied.

Fix

Improper Certificate Validation


Weakness Enumeration

Related Identifiers

ALT-PU-2016-1727
CVE-2016-1000030

Affected Products

Alt Linux
Pidgin