Detect date
|
06/21/2016 |
Severity
|
Critical |
Description
|
Multiple serious vulnerabilities have been found in Pidgin. Malicious users can exploit these vulnerabilities to cause a denial of service, obtain sensitive information, or execute arbitrary code. Below is a complete list of vulnerabilities:
Technical details
Vulnerabilities (1) can be triggered by sending invalid data, an invalid mood, or a packet starting with a NULL byte. Vulnerability (2) can be triggered by sending an invalid size for an avatar. Vulnerability (5) can be triggered by sending an invalid size for a file transfer. Vulnerability (7) can be triggered by sending an invalid size for a packet. Vulnerability (8) can be triggered by sending a negative content-length in response to an HTTP request. Such data causes an out-of-bounds write of one byte. |
Affected products
|
Pidgin versions earlier than 2.11.0 |
Solution
|
Update to the latest version |
Original advisories
|
|
Impacts
|
ACE, OSI, DoS |
Related products
|
Pidgin |
CVE-IDS
|
CVE-2016-2365 4.3 Warning
CVE-2016-2366 4.3 Warning
CVE-2016-2367 3.5 Warning
CVE-2016-2368 7.5 Critical
CVE-2016-2369 4.3 Warning
CVE-2016-2370 4.3 Warning
CVE-2016-2371 6.8 High
CVE-2016-2372 4.9 Warning
CVE-2016-2373 4.3 Warning
CVE-2016-2374 6.8 High
CVE-2016-2375 5.0 Critical
CVE-2016-2376 6.8 High
CVE-2016-2377 6.8 High |