CVE-2016-2368: Improper Restriction of Operations within the Bounds of a Memory Buffer in Pidgin

Severity
8.1 HIGH (NVD)
EPSS
6.0%
top 9.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 6
Latest update: May 17

Description

Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (4 packages)

debian | debian/pidgin | < pidgin 2.11.0-1 (bookworm)
Debian | pidgin/pidgin | < 2.11.0-1+3
NVD | pidgin/pidgin | 2.10.12
CVEListV5 | pidgin/pidgin | 2.10.11

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.10

Patches

🔴Vulnerability Details

2
GHSA
GHSA-6cx6-59wp-f7c5: Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin (2022-05-17)
OSV
CVE-2016-2368: Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin (2017-01-06)

📋Vendor Advisories

3
Ubuntu
Pidgin vulnerabilities (2016-07-12)
Red Hat
pidgin: MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities (2016-06-21)
Debian
CVE-2016-2368: pidgin - Multiple memory corruption vulnerabilities exist in the handling of the MXIT pro... (2016)

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Pidgin Vulnerabilities (2016-06-21)
Talos
Vulnerability Spotlight: Pidgin Vulnerabilities (2016-06-21)

💬Community

1
Bugzilla
CVE-2016-2368 pidgin: MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities (2016-06-22)