CVE-2016-2365
Published: 23 June 2016
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.
Priority
CVSS 3 base score: 5.9
Notes
| Author | Note |
|---|---|
| seth-arnold | I'm skeptical the fix addresses all issues raised |
| mdeslaur | commit in upstream advisory is wrong, it is actually the commit for CVE-2016-4323 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2365
- http://www.talosintel.com/reports/TALOS-2016-0133/
- http://www.pidgin.im/news/security/?id=98
- https://ubuntu.com/security/notices/USN-3031-1
- NVD
- Launchpad
- Debian