CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2368
https://notcve.org/view.php?id=CVE-2016-2368
Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure. Existen múltiples vulnerabilidades de corrupción de memoria en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a través del servidor podrían resultar en múltiples desbordamientos de búfer, resultando potencialmente en ejecución de código o divulgación de memoria. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=101 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0136 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2365
https://notcve.org/view.php?id=CVE-2016-2365
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash. Existe una vulnerabilidad de denegación de servicio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a través del servidor podrían resultar potencialmente en una referencia a puntero nulo. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=98 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0133 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2374
https://notcve.org/view.php?id=CVE-2016-2374
An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution. Existe una vulnerabilidad de corrupción de memoria explotable en el manejo del protocolo MXIT en Pidgin. Un mensaje MXIT MultiMX especialmente manipulado enviado a través del servidor puede resultar en una escritura fuera de límites conduciendo a divulgación de memoria y ejecución de código. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=107 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0142 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2378
https://notcve.org/view.php?id=CVE-2016-2378
A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer en el manejo del protocolo MXIT en Pidgin. Datos especialmente manipulados enviados a través del servidor podrían resultar potencialmente en un desbordamiento de búfer, potencialmente resultando en corrupción de memoria. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=94 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0120 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2372
https://notcve.org/view.php?id=CVE-2016-2372
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user. Existe una fuga de información en el manejo del protocolo MXIT en Pidgin. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=105 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0140 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •