Lucene search

[email protected]CVE-2016-4323

HistoryJan 06, 2017 - 9:59 p.m.

CVE-2016-4323

2017-01-0621:59:01

CWE-22

[email protected]

web.nvd.nist.gov

cve-2016-4323

directory traversal

pidgin

mxit protocol

vulnerability

file overwrite

network security

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

5.5 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.7%

JSON

A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability.

Affected configurations

NVD

Node

pidginpidginRange≤2.10.12

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.10

Node

debiandebian_linuxMatch8.0

CPENameOperatorVersion
pidgin:pidginpidginle2.10.12

CPE	Name	Operator	Version
pidgin:pidgin	pidgin	le	2.10.12

CNA Affected

[
  {
    "product": "Pidgin",
    "vendor": "Pidgin",
    "versions": [
      {
        "status": "affected",
        "version": "2.10.11"
      }
    ]
  }
]