5.3

CVE-2016-2375

An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PidginPidgin Version <= 2.10.12
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.71% 0.841
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://www.debian.org/security/2016/dsa-3620
Third Party Advisory
http://www.securityfocus.com/bid/91335
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-3031-1
Third Party Advisory
https://security.gentoo.org/glsa/201701-38
http://www.pidgin.im/news/security/?id=108
Patch
Vendor Advisory
http://www.talosintelligence.com/reports/TALOS-2016-0143/
Third Party Advisory
Technical Description