CVE-2016-2371
Published: 23 June 2016
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.
Priority
Medium
CVSS 3 base score: 8.1
Status
| Package | Release | Status |
|---|---|---|
|
pidgin Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.11.0-1)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(1:2.10.12-0ubuntu5.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(1:2.10.9-0ubuntu3.3)
|
|
|
Patches: Upstream: https://bitbucket.org/pidgin/main/commits/f0287378203fbf496a9890bf273d96adefb93b74 |
||
Notes
| Author | Note |
|---|---|
| seth-arnold | This patch doesn't enforce upper-limits; it seems insufficient to me. |
| mdeslaur | patch listed in upstream avisory is wrong, it is actually the fix for CVE-2016-2369 |