Vulnerability Description
Pidgin versions before 2.11.0 contain a vulnerability in the X.509 certificate import path: the return values of gnutls_x509_crt_init() and gnutls_x509_crt_import() are not checked, so a certificate that fails to initialise or import is still handed back and used as if it had been parsed successfully, which can result in code execution. The attack appears to be exploitable via a custom X.509 certificate supplied by another client. The issue was fixed in Pidgin 2.11.0.
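The bug class is an unchecked return value on an init/import pair. The following is an added illustration, not code from Pidgin or GnuTLS: `toy_crt_init()` and `toy_crt_import()` are constructed stand-ins that follow the GnuTLS convention of returning 0 on success and a negative code on failure, the wrapper type only mirrors the general shape of a certificate-import routine, and the DER subset accepted (a single short-form SEQUENCE spanning the input) is an assumption made for the example. `import_unchecked()` shows the vulnerable pattern, `import_checked()` the hardened one with cleanup unwound in reverse order on every failure.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for gnutls_x509_crt_init()/gnutls_x509_crt_import():
 * 0 on success, negative on failure, as GnuTLS does. The values are made up. */
#define TOY_E_SUCCESS          0
#define TOY_E_MEMORY_ERROR   (-1)
#define TOY_E_ASN1_DER_ERROR (-2)

typedef struct { const uint8_t *data; size_t size; } toy_datum_t;

/* Handle contents: the body of the outer DER SEQUENCE once imported. */
typedef struct { uint8_t *body; size_t body_len; } toy_crt_int;
typedef toy_crt_int *toy_crt_t;

static int toy_crt_init(toy_crt_t *crt)
{
    *crt = calloc(1, sizeof(**crt));
    return *crt ? TOY_E_SUCCESS : TOY_E_MEMORY_ERROR;
}

/* Accepts a DER SEQUENCE (tag 0x30) with a short-form length that spans the
 * input exactly; anything else is rejected with an error code (assumption). */
static int toy_crt_import(toy_crt_t crt, const toy_datum_t *dt)
{
    size_t len;
    if (crt == NULL || dt == NULL || dt->data == NULL || dt->size < 2 ||
        dt->data[0] != 0x30 || dt->data[1] >= 0x80)
        return TOY_E_ASN1_DER_ERROR;
    len = dt->data[1];
    if (2 + len != dt->size)
        return TOY_E_ASN1_DER_ERROR;
    crt->body = malloc(len ? len : 1);
    if (crt->body == NULL)
        return TOY_E_MEMORY_ERROR;
    memcpy(crt->body, dt->data + 2, len);
    crt->body_len = len;
    return TOY_E_SUCCESS;
}

static void toy_crt_deinit(toy_crt_t crt)
{
    if (crt) { free(crt->body); free(crt); }
}

/* Wrapper in the role of a certificate object (hypothetical shape). */
typedef struct { toy_crt_t *handle; } cert_wrapper_t;

/* Vulnerable pattern: both return values are discarded, so the wrapper is
 * handed back even when nothing was imported; later code then dereferences
 * certificate data that was never filled in. */
static cert_wrapper_t *import_unchecked(const toy_datum_t *dt)
{
    toy_crt_t *certdat = calloc(1, sizeof(*certdat));
    cert_wrapper_t *crt = calloc(1, sizeof(*crt));
    if (certdat == NULL || crt == NULL) { free(certdat); free(crt); return NULL; }
    toy_crt_init(certdat);          /* BUG: result ignored */
    toy_crt_import(*certdat, dt);   /* BUG: result ignored */
    crt->handle = certdat;
    return crt;
}

/* Hardened pattern: every step is checked and whatever was allocated so far
 * is released on failure, so callers only ever see a fully imported object. */
static cert_wrapper_t *import_checked(const toy_datum_t *dt)
{
    toy_crt_t *certdat = calloc(1, sizeof(*certdat));
    cert_wrapper_t *crt;
    if (certdat == NULL)
        return NULL;
    if (toy_crt_init(certdat) != TOY_E_SUCCESS) {
        free(certdat);
        return NULL;
    }
    if (toy_crt_import(*certdat, dt) != TOY_E_SUCCESS) {
        toy_crt_deinit(*certdat);
        free(certdat);
        return NULL;
    }
    crt = calloc(1, sizeof(*crt));
    if (crt == NULL) { toy_crt_deinit(*certdat); free(certdat); return NULL; }
    crt->handle = certdat;
    return crt;
}

static void cert_free(cert_wrapper_t *crt)
{
    if (crt) { toy_crt_deinit(*crt->handle); free(crt->handle); free(crt); }
}

/* Constructed inputs: SEQUENCE { INTEGER 5 }, and the same bytes with a SET
 * tag (0x31), which a DER certificate parser rejects. */
static const uint8_t GOOD_DER[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
static const uint8_t BAD_DER[]  = { 0x31, 0x03, 0x02, 0x01, 0x05 };

/* Body length via the checked path, or -1 when the import was refused. */
static long checked_body_len(const uint8_t *der, size_t n)
{
    toy_datum_t dt = { der, n };
    cert_wrapper_t *crt = import_checked(&dt);
    long len = crt ? (long)(*crt->handle)->body_len : -1;
    cert_free(crt);
    return len;
}

/* 1 if the unchecked path returns a wrapper whose handle holds no body at all:
 * the half-initialised state that the unchecked calls leave behind. */
static int unchecked_returns_empty(const uint8_t *der, size_t n)
{
    toy_datum_t dt = { der, n };
    cert_wrapper_t *crt = import_unchecked(&dt);
    int empty = crt != NULL && (*crt->handle)->body == NULL;
    cert_free(crt);
    return empty;
}
```

The point to check in any caller of an init/import pair is the cleanup order on the second failure: the handle from a successful init must be deinitialised before its container is freed, otherwise the fix for the unchecked return trades a use of uninitialised data for a leak.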
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Suse | Linux Enterprise Server | 11 |
| Pidgin | Pidgin | < 2.11.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/cve-2016-1000030 (Third Party Advisory)
- https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe (Patch, Third Party Advisory)
- https://pidgin.im/news/security/?id=91 (Vendor Advisory)
- https://security.gentoo.org/glsa/201701-38 (Third Party Advisory)
- https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/ (Third Party Advisory)
FAQ
What is CVE-2016-1000030?
CVE-2016-1000030 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Pidgin versions before 2.11.0 do not check the return values of gnutls_x509_crt_init() and gnutls_x509_crt_import() when importing X.509 certificates, so a malformed certificate from another client can leave an unimported object in use and can result in code execution.
How severe is CVE-2016-1000030?
CVE-2016-1000030 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-1000030?
Yes. The issue was fixed in Pidgin 2.11.0; the vendor advisory and the fixing commit are listed in the references section above, alongside distribution advisories from Red Hat, Gentoo and SUSE. Affected products include: Suse Linux Enterprise Server 11 and Pidgin before 2.11.0.