CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2369
https://notcve.org/view.php?id=CVE-2016-2369
A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability. Existe una vulnerabilidad de referencia a puntero NULL en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a través del servidor podrían resultar potencialmente en una vulnerabilidad de denegación de servicio. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=102 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0137 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2367
https://notcve.org/view.php?id=CVE-2016-2367
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user. Existe una fuga de información en el manejo del protocolo MXIT en Pidgin. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=100 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0135 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2371
https://notcve.org/view.php?id=CVE-2016-2371
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution. Existe una vulnerabilidad de escritura fuera de límites en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a través del servidor podría provocar corrupción de memoria resultando en ejecución de código. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=104 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0139 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2380
https://notcve.org/view.php?id=CVE-2016-2380
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read. Existe una fuga de información en el manejo del protocolo MXIT en Pidgin.Datos MXIT expecialmente manipulados enviados al servidor podrían resultar potencialmente en una lectura fuera de límites. Un usuario podría ser convencido para introducir una cadena particular que podría entonces ser convertida de forma incorrecta y conducir a una potencial lectura fuera de límites. • http://www.debian.org/security/2016/dsa-3620 http://www.pidgin.im/news/security/?id=96 http://www.securityfocus.com/bid/91335 http://www.talosintelligence.com/reports/TALOS-2016-0123 http://www.ubuntu.com/usn/USN-3031-1 https://security.gentoo.org/glsa/201701-38 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 10EXPL: 0CVE-2014-3697
https://notcve.org/view.php?id=CVE-2014-3697
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme. Vulnerabilidad de salto de ruta absoluta en la función untar_block en win32/untar.c en Pidgin anterior a 2.10.10 en Windows permite a atacantes remotos escribir a ficheros arbitrarios a través de un nombre drive en un archivo tar de un tema smiley. • http://hg.pidgin.im/pidgin/main/rev/68b8eb10977f http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html http://pidgin.im/news/security/?id=89 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •