vulnerability

Alpine Linux: CVE-2016-2367: pidgin Multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:N/I:N/A:P)	2017-01-06	2017-10-26	2017-10-30

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:N/A:P)

Published

2017-01-06

Added

2017-10-26

Modified

2017-10-30

Description

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user.

Solution

alpine-linux-upgrade-pidgin

References

ALPINE-5895
BID-91335
CVE-2016-2367
https://attackerkb.com/topics/CVE-2016-2367
DEBIAN-DSA-3620
DISA_SEVERITY-Category I
IAVM-2016-B-0106

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today