CVE-2016-2365
Published: 23 June 2016
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.
Priority
CVSS 3 base score: 5.9
Status
Package | Release | Status |
---|---|---|
pidgin Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.11.0-1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(1:2.10.12-0ubuntu5.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(1:2.10.9-0ubuntu3.3)
|
|
Patches: Upstream: https://bitbucket.org/pidgin/main/commits/1c4acc6977a8686ad980e5b820327c9c47dbeaca |
Notes
Author | Note |
---|---|
seth-arnold | I'm skeptical the fix addresses all issues raised |
mdeslaur | commit in upstream advisory is wrong, it is actually the commit for CVE-2016-4323 |