CVE-2014-3698 — Sensitive Information Exposure in Pidgin

CWE-200 — Sensitive Information Exposure CWE-201 — Sensitive Info Insertion into Sent Data9 documents7 sources

Severity

5.0MEDIUMNVD

OSV6.4

EPSS

1.3%

top 20.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin

Timeline

PublishedOct 29

Latest updateMay 14

Description

The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/pidgin< pidgin 2.10.10-1 (bookworm)

▶Debianpidgin/pidgin< 2.10.10-1+3

▶Ubuntupidgin/pidgin< 1:2.10.9-0ubuntu3.2

▶NVDpidgin/pidgin2.10.9+9

Patches

Patch: hg.pidgin.im ↗Patch: pidgin.im ↗Patch: hg.pidgin.im ↗

🔴Vulnerability Details

GHSA

GHSA-q7w8-7jp2-2p9v: The jabber_idn_validate function in jutil↗2022-05-14

▶

OSV

CVE-2014-3698: The jabber_idn_validate function in jutil↗2014-10-29

▶

OSV

pidgin vulnerabilities↗2014-10-28

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerabilities↗2014-10-28

▶

Red Hat

pidgin: remote information leak via crafted XMPP message↗2014-10-22

▶

Debian

CVE-2014-3698: pidgin - The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in lib...↗2014

▶

💬Community

Bugzilla

CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3698 pidgin: various flaws [fedora-all]↗2014-10-23

▶

Bugzilla

CVE-2014-3698 pidgin: remote information leak via crafted XMPP message↗2014-10-21

▶