{"api_version":"1","generated_at":"2026-04-17T00:31:35+00:00","cve":"CVE-2016-2368","urls":{"html":"https://cve.report/CVE-2016-2368","api":"https://cve.report/api/cve/CVE-2016-2368.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-2368","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-2368"},"summary":{"title":"CVE-2016-2368","description":"Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.","state":"PUBLIC","assigner":"cert@cert.org","published_at":"2017-01-06 21:59:00","updated_at":"2017-03-30 01:59:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"https://security.gentoo.org/glsa/201701-38","name":"GLSA-201701-38","refsource":"GENTOO","tags":[],"title":"Pidgin: Multiple vulnerabilities (GLSA 201701-38) — Gentoo Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/91335","name":"91335","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Pidgin Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.ubuntu.com/usn/USN-3031-1","name":"USN-3031-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3031-1: Pidgin vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0136/","name":"http://www.talosintelligence.com/reports/TALOS-2016-0136/","refsource":"MISC","tags":["Technical Description","Third Party Advisory"],"title":"Cisco Talos - Talos 2016 0136","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2016/dsa-3620","name":"DSA-3620","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-3620-1 pidgin","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.pidgin.im/news/security/?id=101","name":"http://www.pidgin.im/news/security/?id=101","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Pidgin Security Advisories","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-2368","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2368","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"2368","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"12.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2368","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2368","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"15.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2368","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"12.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2368","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2368","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"15.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2368","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2368","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2368","vulnerable":"1","versionEndIncluding":"2.10.12","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pidgin","cpe5":"pidgin","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2016-2368","qid":"671085","title":"EulerOS Security Update for pidgin (EulerOS-SA-2019-2387)"},{"cve":"CVE-2016-2368","qid":"710343","title":"Gentoo Linux Pidgin Multiple Vulnerabilities (GLSA 201701-38)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2016-2368","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Pidgin","version":{"version_data":[{"version_value":"2.10.11"}]}}]},"vendor_name":"Pidgin"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"buffer overflow"}]}]},"references":{"reference_data":[{"name":"91335","refsource":"BID","url":"http://www.securityfocus.com/bid/91335"},{"name":"http://www.pidgin.im/news/security/?id=101","refsource":"CONFIRM","url":"http://www.pidgin.im/news/security/?id=101"},{"name":"DSA-3620","refsource":"DEBIAN","url":"http://www.debian.org/security/2016/dsa-3620"},{"name":"http://www.talosintelligence.com/reports/TALOS-2016-0136/","refsource":"MISC","url":"http://www.talosintelligence.com/reports/TALOS-2016-0136/"},{"name":"GLSA-201701-38","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201701-38"},{"name":"USN-3031-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3031-1"}]}},"nvd":{"publishedDate":"2017-01-06 21:59:00","lastModifiedDate":"2017-03-30 01:59:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*","versionEndIncluding":"2.10.12","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"2368","Ordinal":"88215","Title":"CVE-2016-2368","CVE":"CVE-2016-2368","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"2368","Ordinal":"1","NoteData":"Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"2368","Ordinal":"2","NoteData":"2017-01-06","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"2368","Ordinal":"3","NoteData":"2017-03-29","Type":"Other","Title":"Modified"}]}}}