CVE-2016-2365

Published: 23 June 2016

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
pidgin
Launchpad, Ubuntu, Debian 		Upstream
Released (2.11.0-1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (1:2.10.12-0ubuntu5.1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1:2.10.9-0ubuntu3.3)
Patches:
Upstream: https://bitbucket.org/pidgin/main/commits/1c4acc6977a8686ad980e5b820327c9c47dbeaca

Notes

AuthorNote
seth-arnold 
I'm skeptical the fix addresses all issues raised
mdeslaur 
commit in upstream advisory is wrong, it is actually the commit
for CVE-2016-4323

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading