Your submission was sent successfully! Close

CVE-2016-2365

Published: 23 June 2016

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
pidgin
Launchpad, Ubuntu, Debian 		precise
Released (1:2.10.3-0ubuntu1.7)
trusty
Released (1:2.10.9-0ubuntu3.3)
upstream
Released (2.11.0-1)
wily
Released (1:2.10.11-0ubuntu4.2)
xenial
Released (1:2.10.12-0ubuntu5.1)

Notes

AuthorNote
seth-arnold 
I'm skeptical the fix addresses all issues raised
mdeslaur 
commit in upstream advisory is wrong, it is actually the commit
for CVE-2016-4323

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading