CVE-2016-1000030

Published: 05 September 2018

Pidgin versions before 2.11.0 contain a vulnerability in X.509 certificate import: the return values of gnutls_x509_crt_init() and gnutls_x509_crt_import() are not properly checked, which can result in code execution. This attack appears to be exploitable via a custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: pidgin
Upstream: Released (2.11.0-1)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable

Patches:
Upstream: https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe