Lucene search

K
cve[email protected]CVE-2016-2372
HistoryJan 06, 2017 - 9:59 p.m.

CVE-2016-2372

2017-01-0621:59:00
CWE-200
CWE-125
web.nvd.nist.gov
51
pidgin
mxit
information leak
cve-2016-2372
security vulnerability
denial of service
out-of-bounds read
nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

6.2 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:N/A:P

0.003 Low

EPSS

Percentile

68.9%

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user.

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

6.2 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:N/A:P

0.003 Low

EPSS

Percentile

68.9%