CVE-2016-2371

Published: Jan 6, 2017Modified: May 6, 2026

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.

Affected (5)

Products: Pidgin: Pidgin · Canonical: Ubuntu Linux · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pidgin Pidgin	Up to 2.10.12

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (12)

http://www.debian.org/security/2016/dsa-3620

Source: cret@cert.org

Third Party Advisory

http://www.pidgin.im/news/security/?id=104

Source: cret@cert.org

PatchVendor Advisory

http://www.securityfocus.com/bid/91335

Source: cret@cert.org

Third Party AdvisoryVDB Entry

http://www.talosintelligence.com/reports/TALOS-2016-0139/

Source: cret@cert.org

Technical DescriptionThird Party Advisory

http://www.ubuntu.com/usn/USN-3031-1

Source: cret@cert.org

Third Party Advisory

https://security.gentoo.org/glsa/201701-38

Source: cret@cert.org

http://www.debian.org/security/2016/dsa-3620