CVE-2016-2368
Published on: 01/06/2017 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:15 PM UTC
Certain versions of Ubuntu Linux from Canonical contain the following vulnerability:
Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.
- CVE-2016-2368 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software: Pidgin - Pidgin version 2.10.11
CVSS3 Score: 8.1 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | HIGH | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 7.5 - HIGH
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | LOW | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags | Link |
---|---|---|
Pidgin: Multiple vulnerabilities (GLSA 201701-38) — Gentoo Security | security.gentoo.org text/html | GENTOO GLSA-201701-38 |
Pidgin Multiple Security Vulnerabilities | Third Party Advisory VDB Entry cve.report (archive) text/html | BID 91335 |
USN-3031-1: Pidgin vulnerabilities \| Ubuntu | Third Party Advisory www.ubuntu.com text/html | UBUNTU USN-3031-1 |
Cisco Talos - Talos 2016 0136 | Technical Description Third Party Advisory www.talosintelligence.com text/html | MISC www.talosintelligence.com/reports/TALOS-2016-0136/ |
Debian -- Security Information -- DSA-3620-1 pidgin | Third Party Advisory www.debian.org Depreciated Link text/html | DEBIAN DSA-3620 |
Pidgin Security Advisories | Patch Vendor Advisory web.archive.org text/html Inactive Link, Not Archived | CONFIRM www.pidgin.im/news/security/?id=101 |
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
Operating System | Debian | Debian Linux | 8.0 | All | All | All |
Application | Pidgin | Pidgin | All | All | All | All |
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE