vulnerability

Huawei EulerOS: CVE-2016-2372: pidgin security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:M/Au:S/C:P/I:N/A:P)	2017-01-06	2019-12-18	2025-05-05

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:N/A:P)

Published

2017-01-06

Added

2019-12-18

Modified

2025-05-05

Description

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user.

Solution

huawei-euleros-2_0_sp3-upgrade-libpurple

References

CVE-2016-2372
https://attackerkb.com/topics/CVE-2016-2372
EULEROS-EulerOS-SA-2019-2650

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today