CVE-2016-2380
Last modified
CVE-2016-2380 is a vulnerability of currently unknown severity. An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. EPSS estimates a 1.75% chance of exploitation in the next 30 days.
Description
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pidgin | Pidgin | <= 2.10.12 |
| Canonical | Ubuntu Linux | 12.04 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 15.10 |
| Debian | Debian Linux | 8.0 |
References
- http://www.debian.org/security/2016/dsa-3620Third Party Advisory
- http://www.pidgin.im/news/security/?id=96Patch, Vendor Advisory
- http://www.securityfocus.com/bid/91335Third Party Advisory, VDB Entry
- http://www.talosintelligence.com/reports/TALOS-2016-0123/Third Party Advisory
- http://www.ubuntu.com/usn/USN-3031-1Third Party Advisory
- http://www.debian.org/security/2016/dsa-3620Third Party Advisory
- http://www.pidgin.im/news/security/?id=96Patch, Vendor Advisory
- http://www.securityfocus.com/bid/91335Third Party Advisory, VDB Entry
- http://www.talosintelligence.com/reports/TALOS-2016-0123/Third Party Advisory
- http://www.ubuntu.com/usn/USN-3031-1Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-2380?
How severe is CVE-2016-2380?
How do I fix CVE-2016-2380?
Are you affected by CVE-2016-2380?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST