CVE-2016-1000030Improper Certificate Validation in Pidgin

CWE-295Improper Certificate Validation7 documents7 sources
Severity
9.8CRITICALNVD
EPSS
0.7%
top 27.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PidginSuse Linux Enterprise Server
Timeline
PublishedSep 5
Latest updateMay 14

Description

Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDpidgin/pidgin< 2.11.0
Debianpidgin/pidgin< 2.11.0-1+3

Patches

Patch: bitbucket.orgPatch: bitbucket.org

🔴Vulnerability Details

3
GHSA
GHSA-mxjf-9j2x-85mg: Pidgin version <22022-05-14
OSV
CVE-2016-1000030: Pidgin version <22018-09-05
CVEList
CVE-2016-1000030: Pidgin version <22018-09-05

📋Vendor Advisories

2
Red Hat
pidgin: X.509 Certificates Improperly Imported2016-06-21
Debian
CVE-2016-1000030: pidgin - Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports sp...2016

💬Community

1
Bugzilla
CVE-2016-1000030 pidgin: X.509 Certificates Improperly Imported2016-06-22
CVE-2016-1000030 — Improper Certificate Validation | cvebase