PT-2016-5141 · Pidgin+3 · Pidgin+3

Yves Younan

·

Published

2016-06-23

·

Updated

2025-04-20

·

CVE-2016-2372

CVSS v3.1

5.9

Medium

VectorAV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions Pidgin (affected versions not specified)
Description An information leak exists in the handling of the MXIT protocol. Specially crafted MXIT data sent via the server could result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer, triggering an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Information Disclosure

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-125

Related Identifiers

ALT-PU-2016-1727
CVE-2016-2372
DLA-542-1
DSA-3620-1
MGASA-2016-0236
SUSE-SU-2016:2416-1
USN-3031-1

Affected Products

Alt Linux
Pidgin
Suse
Ubuntu