Ubuntu CVE-2016-2372

Title:

PIDGIN MXIT FILE TRANSFER LENGTH MEMORY DISCLOSURE VULNERABILITY

CVE ID:

CVE-2016-2372

Description:

The MITRE CVE dictionary describes this issue as:

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user.

Find out more about CVE-2016-2372 from the MITRE CVE dictionary  and NIST NVD.

CVSSV3 SCORE:

5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H

Mitigation:

ubuntu-upgrade-libpurple0-ubuntu-12-04-lts

External References:


http://www.talosintel.com/reports/TALOS-2016-0140/
http://www.pidgin.im/news/security/?id=105
https://access.redhat.com/security/cve/cve-2016-2372

Share This:
Facebooktwittergoogle_plusredditpinterestlinkedintumblr