CVE-2016-1000030
published 2018-09-05
critical 9.8 CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Pidgin versions <2.11.0 contain a vulnerability in X.509 certificate import, specifically due to improper checking of the return values from gnutls_x509_crt_init() and gnutls_x509_crt_import(), that can result in code execution. This attack appears to be exploitable via a custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pidgin | < pidgin 2.11.0-1 (bookworm) | pidgin 2.11.0-1 (bookworm) |
| pidgin | pidgin | < 2.11.0 | 2.11.0 |
| pidgin | pidgin | >= 0 < 2.11.0-1 | 2.11.0-1 |
| pidgin | pidgin | >= 0 < 2.11.0-1 | 2.11.0-1 |
| pidgin | pidgin | >= 0 < 2.11.0-1 | 2.11.0-1 |
| pidgin | pidgin | >= 0 < 2.11.0-1 | 2.11.0-1 |
| suse | linux_enterprise_server | — | — |
CVSS provenance
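| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 9.8 | CRITICAL | — |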