10
CVE-2015-8833
- EPSS 7.03%
- Veröffentlicht 12.04.2016 01:59:27
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cypherpunks ≫ Pidgin-otr Version <= 4.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.03% | 0.934 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
https://security.gentoo.org/glsa/201701-10
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00095.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00109.html
http://www.debian.org/security/2016/dsa-3528
http://www.openwall.com/lists/oss-security/2016/03/09/13
http://www.openwall.com/lists/oss-security/2016/03/09/8
http://www.securityfocus.com/bid/84295
https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin-CVE-2015-8833.html
https://bugs.otr.im/issues/128
https://bugs.otr.im/issues/88
https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94
https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002582.html