CVE-2014-3696 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Pidgin

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770 — Allocation of Resources Without Limits or Throttling11 documents8 sources

Severity

5.0MEDIUMNVD

OSV6.4

EPSS

2.1%

top 15.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin

Timeline

PublishedOct 29

Latest updateMay 14

Description

nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/pidgin< pidgin 2.10.10-1 (bookworm)

▶Debianpidgin/pidgin< 2.10.10-1+3

▶Ubuntupidgin/pidgin< 1:2.10.9-0ubuntu3.2

▶NVDpidgin/pidgin2.10.9+9

Patches

Patch: hg.pidgin.im ↗Patch: pidgin.im ↗Patch: hg.pidgin.im ↗

🔴Vulnerability Details

GHSA

GHSA-96p5-rvrv-9x22: nmevent↗2022-05-14

▶

OSV

CVE-2014-3696: nmevent↗2014-10-29

▶

OSV

pidgin vulnerabilities↗2014-10-28

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerabilities↗2014-10-28

▶

Red Hat

pidgin: denial of service parsing Groupwise server message↗2014-10-22

▶

Debian

CVE-2014-3696: pidgin - nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before ...↗2014

▶

🕵️Threat Intelligence

Talos

Talos Discovered Three More Vulnerabilities in Pidgin↗2014-11-07

▶

Talos

Talos Discovered Three More Vulnerabilities in Pidgin↗2014-11-07

▶

💬Community

Bugzilla

CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3698 pidgin: various flaws [fedora-all]↗2014-10-23

▶

Bugzilla

CVE-2014-3696 pidgin: denial of service parsing Groupwise server message↗2014-10-21

▶