CVE-2016-2374Out-of-bounds Read in Pidgin

CWE-125Out-of-bounds ReadCWE-200Sensitive Information ExposureCWE-787Out-of-bounds Write11 documents8 sources
Severity
8.1HIGHNVD
EPSS
2.8%
top 13.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
PidginDebian PidginCanonical Ubuntu Linux+1 more
Timeline
PublishedJan 6
Latest updateMay 17

Description

An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages4 packages

debiandebian/pidgin< pidgin 2.11.0-1 (bookworm)
Debianpidgin/pidgin< 2.11.0-1+3
NVDpidgin/pidgin2.10.12
CVEListV5pidgin/pidgin2.10.11

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.10

Patches

Patch: www.pidgin.imPatch: www.pidgin.im

🔴Vulnerability Details

2
GHSA
GHSA-qm22-h7gg-wr34: An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin2022-05-17
OSV
CVE-2016-2374: An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin2017-01-06

📋Vendor Advisories

3
Ubuntu
Pidgin vulnerabilities2016-07-12
Red Hat
pidgin: MXIT MultiMX Message Code Execution Vulnerability2016-06-21
Debian
CVE-2016-2374: pidgin - An exploitable memory corruption vulnerability exists in the handling of the MXI...2016

🕵️Threat Intelligence

4
Talos
Vulnerability Spotlight: Apple Garage Band Out of Bounds Write Vulnerability2017-02-14
Talos
Vulnerability Spotlight: Apple Garage Band Out of Bounds Write Vulnerability2017-02-14
Talos
Vulnerability Spotlight: Pidgin Vulnerabilities2016-06-21
Talos
Vulnerability Spotlight: Pidgin Vulnerabilities2016-06-21

💬Community

1
Bugzilla
CVE-2016-2374 pidgin: MXIT MultiMX Message Code Execution Vulnerability2016-06-22