CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 84.2%
Multiple serious vulnerabilities have been found in Pidgin. Malicious users can exploit these vulnerabilities to cause a denial of service, obtain sensitive information, or execute arbitrary code.
Below is a complete list of vulnerabilities:
Technical details
Vulnerabilities (1) can be triggered by sending invalid data, an invalid mood or a packet starting with a NULL byte.
Vulnerability (2) can be triggered by sending an invalid size for an avatar.
Vulnerability (5) can be triggered when an invalid size for a file transfer is sent.
Vulnerability (7) can be triggered when an invalid size for a packet is sent.
Vulnerability (8) can be triggered when a negative content-length is sent in response to an HTTP request. Such data causes an out-of-bounds write of one byte.
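An added example, not Pidgin's code or part of the original advisory: one way to validate a Content-Length value before it is used to size or index a buffer, the kind of check that stops the negative length described in item (8). The function names, the 1 MiB cap and the buffer pattern are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

#define MAX_BODY (1u << 20)  /* assumed 1 MiB cap; choose per protocol */

/* Parse a Content-Length header value. Returns 0 and stores the length in
 * *out only for a plain decimal number in [0, MAX_BODY]; returns -1 otherwise.
 * Rejecting the sign up front keeps a value such as "-1" from ever reaching
 * allocation or indexing arithmetic. */
int parse_content_length(const char *value, size_t *out)
{
    char *end = NULL;
    unsigned long long n;

    if (value == NULL || out == NULL)
        return -1;
    while (*value == ' ' || *value == '\t')   /* optional leading whitespace */
        value++;
    if (!isdigit((unsigned char)*value))       /* rejects "-1", "+5", "", "abc" */
        return -1;
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE)                       /* value did not fit */
        return -1;
    while (*end == ' ' || *end == '\t')        /* optional trailing whitespace */
        end++;
    if (*end != '\0')                          /* trailing junk such as "12abc" */
        return -1;
    if (n > MAX_BODY)                          /* refuse oversized bodies */
        return -1;
    *out = (size_t)n;
    return 0;
}

/* Allocate a body buffer with room for a NUL terminator. With a validated
 * size_t length, buf[len] is always the last byte of the allocation; with an
 * unchecked signed length of -1 the same index would fall before the buffer. */
char *alloc_body(size_t len)
{
    char *buf = malloc(len + 1);   /* len <= MAX_BODY, so len + 1 cannot wrap */
    if (buf != NULL)
        buf[len] = '\0';
    return buf;
}
```
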
CVE-2016-2365 warning
CVE-2016-2366 warning
CVE-2016-2367 warning
CVE-2016-2368 critical
CVE-2016-2369 warning
CVE-2016-2370 warning
CVE-2016-2371 high
CVE-2016-2372 warning
CVE-2016-2373 warning
CVE-2016-2374 high
CVE-2016-2375 warning
CVE-2016-2376 high
CVE-2016-2377 high
Update to the latest version
Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or in the vulnerable process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical to the user or the system.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.