CVE-2016-2371
Published: 23 June 2016
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.
Priority
CVSS 3 base score: 8.1
Status
Package | Release | Status |
---|---|---|
pidgin (Launchpad, Ubuntu, Debian) | Upstream | Released (2.11.0-1) |
pidgin | Ubuntu 16.04 LTS (Xenial Xerus) | Released (1:2.10.12-0ubuntu5.1) |
pidgin | Ubuntu 14.04 ESM (Trusty Tahr) | Released (1:2.10.9-0ubuntu3.3) |

Patches: Upstream: https://bitbucket.org/pidgin/main/commits/f0287378203fbf496a9890bf273d96adefb93b74
Notes
Author | Note |
---|---|
seth-arnold | This patch doesn't enforce upper-limits; it seems insufficient to me. |
mdeslaur | patch listed in upstream advisory is wrong, it is actually the fix for CVE-2016-2369 |