CVE-2015-8833
 
Severity Score: 9.8 (CVSS v3)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item.
Credits: N/A
Timeline
- 2016-03-09 CVE Reserved
- 2016-03-23 CVE Published
- 2024-05-08 EPSS Updated
- 2024-08-06 CVE Updated
References (12)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/03/09/13 | Mailing List | |
http://www.openwall.com/lists/oss-security/2016/03/09/8 | Mailing List | |
http://www.securityfocus.com/bid/84295 | Vdb Entry | |
https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin-CVE-2015-8833.html | X_refsource_misc | |
https://bugs.otr.im/issues/128 | X_refsource_confirm | |
https://bugs.otr.im/issues/88 | X_refsource_confirm | |
https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94 | X_refsource_confirm | |
https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002582.html | Mailing List | |
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00095.html | 2021-08-04 | |
http://lists.opensuse.org/opensuse-updates/2016-03/msg00109.html | 2021-08-04 | |
http://www.debian.org/security/2016/dsa-3528 | 2021-08-04 | |
https://security.gentoo.org/glsa/201701-10 | 2021-08-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cypherpunks | Pidgin-otr | <= 4.0.1 | - | Affected |