CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26491
https://notcve.org/view.php?id=CVE-2022-26491
31 May 2022 — An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. Se ha detectado un problema en Pidgin versiones anteriores a 2.14.9. • https://developer.pidgin.im/wiki/FullChangeLog • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2017-2640 – pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML
https://notcve.org/view.php?id=CVE-2017-2640
14 Mar 2017 — An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process. Se ha encontrado una vulnerabilidad de escritura fuera de límites en el modo en que Pidgin en versiones anteriores a la 2.12.0 procesaba el contenido XML. Un servidor remoto malicioso podría usar esta vulnerabilidad para provocar el cierre inesperado de Pidgin o ejecutar código ar... • http://www.securityfocus.com/bid/96775 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1000030 – Gentoo Linux Security Advisory 201701-38
https://notcve.org/view.php?id=CVE-2016-1000030
17 Jan 2017 — Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0. Pidgin en versiones anteriores a la 2.11.0 contiene una vulnerabilidad en las importaciones de certificados X.509, concretamente debido a la compr... • https://access.redhat.com/security/cve/cve-2016-1000030 • CWE-295: Improper Certificate Validation •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2016-2374 – Gentoo Linux Security Advisory 201701-38
https://notcve.org/view.php?id=CVE-2016-2374
12 Jul 2016 — An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution. Existe una vulnerabilidad de corrupción de memoria explotable en el manejo del protocolo MXIT en Pidgin. Un mensaje MXIT MultiMX especialmente manipulado enviado a través del servidor puede resultar en una escritura fuera de límites conduciendo a divulgación de mem... • http://www.debian.org/security/2016/dsa-3620 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 1%CPEs: 5EXPL: 0CVE-2016-2372 – Gentoo Linux Security Advisory 201701-38
https://notcve.org/view.php?id=CVE-2016-2372
12 Jul 2016 — An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user. Existe una fuga de información e... • http://www.debian.org/security/2016/dsa-3620 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2016-2378 – Gentoo Linux Security Advisory 201701-38
https://notcve.org/view.php?id=CVE-2016-2378
12 Jul 2016 — A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer en el manejo del protocolo MXIT en Pidgin. Datos especialmente manipulados enviados a través del servidor podrían resultar pote... • http://www.debian.org/security/2016/dsa-3620 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2016-2368 – Gentoo Linux Security Advisory 201701-38
https://notcve.org/view.php?id=CVE-2016-2368
12 Jul 2016 — Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure. Existen múltiples vulnerabilidades de corrupción de memoria en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a través del servidor podrían resultar en múltiples desbordamientos de búfer, resultando potencialmente en ejecuc... • http://www.debian.org/security/2016/dsa-3620 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2016-2377 – Gentoo Linux Security Advisory 201701-38
https://notcve.org/view.php?id=CVE-2016-2377
12 Jul 2016 — A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vulnerability. Existe una vulnerabilidad de desbordamiento de búfer en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados por el servidor podrían resultar potencialmente en una esc... • http://www.debian.org/security/2016/dsa-3620 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 1%CPEs: 5EXPL: 0CVE-2016-2366 – Gentoo Linux Security Advisory 201701-38
https://notcve.org/view.php?id=CVE-2016-2366
12 Jul 2016 — A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash. Existe una vulnerabilidad de denegación de servicio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a través del servidor podrían resultar pote... • http://www.debian.org/security/2016/dsa-3620 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2380 – Gentoo Linux Security Advisory 201701-38
https://notcve.org/view.php?id=CVE-2016-2380
12 Jul 2016 — An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read. Existe una fuga de información en el manejo del protocolo MXIT en Pidgin.Datos MXIT expecialmente manipulados enviados al servidor podrían resultar potencialmente en una lectura fuera de lími... • http://www.debian.org/security/2016/dsa-3620 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •