10

CVE-2015-8833

Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CypherpunksPidgin-otr Version <= 4.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.03% 0.934
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://security.gentoo.org/glsa/201701-10
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00095.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00109.html
http://www.debian.org/security/2016/dsa-3528
http://www.openwall.com/lists/oss-security/2016/03/09/13
http://www.openwall.com/lists/oss-security/2016/03/09/8
http://www.securityfocus.com/bid/84295
https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin-CVE-2015-8833.html
https://bugs.otr.im/issues/128
https://bugs.otr.im/issues/88
https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94
https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002582.html