CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2366
https://notcve.org/view.php?id=CVE-2016-2366
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash. Existe una vulnerabilidad de denegación de servicio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a través del servidor podrían resultar potencialmente en una lectura fuera de límites. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=99 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0134 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2367
https://notcve.org/view.php?id=CVE-2016-2367
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user. Existe una fuga de información en el manejo del protocolo MXIT en Pidgin. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=100 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0135 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2368
https://notcve.org/view.php?id=CVE-2016-2368
Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure. Existen múltiples vulnerabilidades de corrupción de memoria en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a través del servidor podrían resultar en múltiples desbordamientos de búfer, resultando potencialmente en ejecución de código o divulgación de memoria. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=101 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0136 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2369
https://notcve.org/view.php?id=CVE-2016-2369
A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability. Existe una vulnerabilidad de referencia a puntero NULL en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a través del servidor podrían resultar potencialmente en una vulnerabilidad de denegación de servicio. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=102 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0137 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2370
https://notcve.org/view.php?id=CVE-2016-2370
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability. Existe una vulnerabilidad de denegación de servicio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados desde el servidor podrían resultar potencialmente en una lectura fuera de límites. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=103 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0138 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-125: Out-of-bounds Read •