← Back

CVE-2014-3694

nvd nist
Published: Oct 29, 2014Modified: May 6, 2026

JSON object

Loading...
6.4
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:N
Exploitability: 10.0 / Impact: 4.9
Source: NVD

Description

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected (17)

Show all products
Opensuse: Opensuse · Canonical: Ubuntu Linux · Debian: Debian Linux · Pidgin: Pidgin
Opensuse
1 product
Opensuse
Canonical
1 product
Ubuntu Linux
Debian
1 product
Debian Linux
Pidgin
1 product
Pidgin
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Opensuse
Version 12.3
Opensuse
Version 13.1
Opensuse
Version 13.2
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 14.10
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 7.0
Configuration D
10 vulnerable
Vulnerable SoftwareAffected Versions
Pidgin
Pidgin
Up to 2.10.9
Pidgin
Version 2.10.0
Pidgin
Version 2.10.1
Pidgin
Version 2.10.2
Pidgin
Version 2.10.3
Pidgin
Version 2.10.4
Pidgin
Version 2.10.5
Pidgin
Version 2.10.6
Pidgin
Version 2.10.7
Pidgin
Version 2.10.8

Related CWEs

CWE-310
CWE-310

References (18)

Source: secalert@redhat.com
Issue Tracking
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.