8.1

CVE-2016-2371

An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PidginPidgin Version <= 2.10.12
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.17% 0.864
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.debian.org/security/2016/dsa-3620
Third Party Advisory
http://www.securityfocus.com/bid/91335
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-3031-1
Third Party Advisory
https://security.gentoo.org/glsa/201701-38
http://www.pidgin.im/news/security/?id=104
Patch
Vendor Advisory
http://www.talosintelligence.com/reports/TALOS-2016-0139/
Third Party Advisory
Technical Description