Vulnerability Description
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pidgin | Pidgin | <= 2.10.12 |
| Canonical | Ubuntu Linux | 12.04 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2016/dsa-3620Third Party Advisory
- http://www.pidgin.im/news/security/?id=96PatchVendor Advisory
- http://www.securityfocus.com/bid/91335Third Party AdvisoryVDB Entry
- http://www.talosintelligence.com/reports/TALOS-2016-0123/Third Party Advisory
- http://www.ubuntu.com/usn/USN-3031-1Third Party Advisory
- https://security.gentoo.org/glsa/201701-38
- http://www.debian.org/security/2016/dsa-3620Third Party Advisory
- http://www.pidgin.im/news/security/?id=96PatchVendor Advisory
- http://www.securityfocus.com/bid/91335Third Party AdvisoryVDB Entry
- http://www.talosintelligence.com/reports/TALOS-2016-0123/Third Party Advisory
- http://www.ubuntu.com/usn/USN-3031-1Third Party Advisory
- https://security.gentoo.org/glsa/201701-38
FAQ
What is CVE-2016-2380?
CVE-2016-2380 is a vulnerability with a CVSS score of 3.1 (LOW). An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced t...
How severe is CVE-2016-2380?
CVE-2016-2380 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2380?
Check the references section above for vendor advisories and patch information. Affected products include: Pidgin Pidgin, Canonical Ubuntu Linux, Debian Debian Linux.