CVE-2016-2377
Published: 23 June 2016
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vulnerability.
Priority
CVSS 3 base score: 8.1
Status
Package | Release | Status |
---|---|---|
pidgin Launchpad, Ubuntu, Debian |
precise |
Released
(1:2.10.3-0ubuntu1.7)
|
trusty |
Released
(1:2.10.9-0ubuntu3.3)
|
|
upstream |
Released
(2.11.0-1)
|
|
wily |
Released
(1:2.10.11-0ubuntu4.2)
|
|
xenial |
Released
(1:2.10.12-0ubuntu5.1)
|
|
Patches: upstream: https://bitbucket.org/pidgin/main/commits/0f94ef13ab37 |