CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2370
https://notcve.org/view.php?id=CVE-2016-2370
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability. Existe una vulnerabilidad de denegación de servicio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados desde el servidor podrían resultar potencialmente en una lectura fuera de límites. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=103 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0138 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2371
https://notcve.org/view.php?id=CVE-2016-2371
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution. Existe una vulnerabilidad de escritura fuera de límites en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a través del servidor podría provocar corrupción de memoria resultando en ejecución de código. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=104 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0139 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2372
https://notcve.org/view.php?id=CVE-2016-2372
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user. Existe una fuga de información en el manejo del protocolo MXIT en Pidgin. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=105 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0140 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2373
https://notcve.org/view.php?id=CVE-2016-2373
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability. Existe una vulnerabilidad de servicio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a través del servidor podrían resultar potencialmente en una escritura fuera de límites. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=106 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0141 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2374
https://notcve.org/view.php?id=CVE-2016-2374
An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution. Existe una vulnerabilidad de corrupción de memoria explotable en el manejo del protocolo MXIT en Pidgin. Un mensaje MXIT MultiMX especialmente manipulado enviado a través del servidor puede resultar en una escritura fuera de límites conduciendo a divulgación de memoria y ejecución de código. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=107 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0142 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •