// For flags

CVE-2014-3698

pidgin: remote information leak via crafted XMPP message

Severity Score

4.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.

La función jabber_idn_validate en jutil.c en el plugin de protocolo Jabber en libpurple en Pidgin anterior a 2.10.10 permite a atacantes remotos obtener información sensible de la memoria de procesos a través de un mensaje XMPP manipulado.

An information disclosure flaw was discovered in the way Pidgin parsed XMPP messages. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to disclose a portion of memory belonging to the Pidgin process by sending a specially crafted XMPP message.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-05-14 CVE Reserved
  • 2014-10-24 CVE Published
  • 2024-06-10 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-201: Insertion of Sensitive Information Into Sent Data
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
<= 2.10.9
Search vendor "Pidgin" for product "Pidgin" and version " <= 2.10.9"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.10.0
Search vendor "Pidgin" for product "Pidgin" and version "2.10.0"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.10.1
Search vendor "Pidgin" for product "Pidgin" and version "2.10.1"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.10.2
Search vendor "Pidgin" for product "Pidgin" and version "2.10.2"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.10.3
Search vendor "Pidgin" for product "Pidgin" and version "2.10.3"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.10.4
Search vendor "Pidgin" for product "Pidgin" and version "2.10.4"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.10.5
Search vendor "Pidgin" for product "Pidgin" and version "2.10.5"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.10.6
Search vendor "Pidgin" for product "Pidgin" and version "2.10.6"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.10.7
Search vendor "Pidgin" for product "Pidgin" and version "2.10.7"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.10.8
Search vendor "Pidgin" for product "Pidgin" and version "2.10.8"
-
Affected