9.8

CVE-2016-1000030

EPSS 0.78%
Published 05.09.2018 17:29:00
Last modified 21.11.2024 02:42:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Suse ≫ Linux Enterprise Server Version11 Updatesp4

Pidgin ≫ Pidgin Version < 2.11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.78%	0.726

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://security.gentoo.org/glsa/201701-38

Third Party Advisory

https://access.redhat.com/security/cve/cve-2016-1000030

Third Party Advisory

https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe

Patch

Third Party Advisory

https://pidgin.im/news/security/?id=91

Vendor Advisory

https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-1000030

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1000030

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1000030

EUVD