1348865 – (CVE-2016-2367) CVE-2016-2367 pidgin: MXIT Avatar Length Memory Disclosure Vulnerability

Bug 1348865 (CVE-2016-2367) - CVE-2016-2367 pidgin: MXIT Avatar Length Memory Disclosure Vulnerability

Summary: CVE-2016-2367 pidgin: MXIT Avatar Length Memory Disclosure Vulnerability

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2016-2367
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1350338 1403136
Blocks:	1348890
TreeView+	depends on / blocked

Reported:	2016-06-22 08:49 UTC by Andrej Nemec
Modified:	2021-02-17 03:40 UTC (History)
CC List:	7 users (show)
Fixed In Version:	pidgin 2.11.0
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-06-08 02:55:30 UTC
Embargoed:

Attachments	(Terms of Use)

Description Andrej Nemec 2016-06-22 08:49:48 UTC

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out of bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user.

External references:

http://www.talosintel.com/reports/TALOS-2016-0135/
http://www.pidgin.im/news/security/?id=100

Upstream fixes:

https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
https://bitbucket.org/pidgin/main/commits/1c5197a66760
https://bitbucket.org/pidgin/main/commits/648f667a679c

Note You need to log in before you can comment on or make changes to this bug.