PRIOn knowledge basePRION:CVE-2016-2368

HistoryJan 06, 2017 - 9:59 p.m.

Memory corruption

2017-01-0621:59:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.5%

JSON

Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.

CPENameOperatorVersion
ubuntu_linuxeq12.04
ubuntu_linuxeq15.10
ubuntu_linuxeq14.04
debian_linuxeq8.0
pidginle2.10.12

Name	Operator	Version
ubuntu_linux	eq	12.04
ubuntu_linux	eq	15.10
ubuntu_linux	eq	14.04
debian_linux	eq	8.0
pidgin	le	2.10.12

References

www.debian.org/security/2016/dsa-3620

www.pidgin.im/news/security/?id=101

www.securityfocus.com/bid/91335

www.talosintelligence.com/reports/TALOS-2016-0136/

www.ubuntu.com/usn/USN-3031-1

security.gentoo.org/glsa/201701-38