1348873 – (CVE-2016-2371) CVE-2016-2371 pidgin: MXIT Extended Profiles Code Execution Vulnerability

Bug 1348873 (CVE-2016-2371) - CVE-2016-2371 pidgin: MXIT Extended Profiles Code Execution Vulnerability

Summary: CVE-2016-2371 pidgin: MXIT Extended Profiles Code Execution Vulnerability

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2016-2371
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	Engineering1350338 Engineering1403136
Blocks:	Embargoed1348890
TreeView+	depends on / blocked

Reported:	2016-06-22 08:59 UTC by Andrej Nemec
Modified:	2021-02-17 03:40 UTC (History)
CC List:	7 users (show)
Fixed In Version:	pidgin 2.11.0
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-06-08 02:55:36 UTC

Attachments	(Terms of Use)

Description Andrej Nemec 2016-06-22 08:59:25 UTC

An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.

External references:

http://www.talosintel.com/reports/TALOS-2016-0139/
http://www.pidgin.im/news/security/?id=104

Upstream fix:

https://bitbucket.org/pidgin/main/commits/7b52ca213832

Note You need to log in before you can comment on or make changes to this bug.