359 matches found
Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability(CVE-2016-2369)
DESCRIPTION An NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the...
Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability(CVE-2016-2372)
DESCRIPTION An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out of bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for a file transfer which will trigger ...
Pidgin MXIT Contact Mood Denial of Service Vulnerability(CVE-2016-2373)
DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability. CVSSv3 SCORE 5...
Pidgin MXIT Avatar Length Memory Disclosure Vulnerability(CVE-2016-2367)
DESCRIPTION An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out of bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an...
Pidgin MXIT Table Command Denial of Service Vulnerability(CVE-2016-2366)
DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to...
Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability(CVE-2016-2375)
DESCRIPTION An exploitable out-of-bounds ready exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure. CVSSv3 SCORE 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N TESTED VERSIONS Pidgin 2.10.11 PRODU...
Pidgin MXIT read stage 0x3 Code Execution Vulnerability(CVE-2016-2376)
DESCRIPTION A buffer overflows vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size...
Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability(CVE-2016-4323)
DESCRIPTION A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splas...
Pidgin MXIT Extended Profiles Code Execution Vulnerability(CVE-2016-2371)
DESCRIPTION An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution. CVSSv3 SCORE 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H TESTED VERSIONS Pidgin...
Pidgin MXIT MultiMX Message Code Execution Vulnerability(CVE-2016-2374)
DESCRIPTION An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution. CVSSv3 SCORE 8.1...
Pidgin MXIT Custom Resource Denial of Service Vulnerability(CVE-2016-2370)
DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle can send invalid data to trigger this vulnerability...
EulerOS 2.0 SP2 : pidgin (EulerOS-SA-2017-1166)
According to the versions of the pidgin package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in the way Pidgin's Mxit plug-in handled emoticons. A malicious remote server or a man-in-the-middle attacker...
pidgin security, bug fix, and enhancement update
2.10.11-5 - Drop MXit support in RHEL Resolves: 1439296 2.10.11-4 - Silence -Wsign-compare - Rename the previous patch for consistency Resolves: 1445921, 1446368 2.10.11-3 - Avoid a use-after-free in an error path Resolves: 1445921 2.10.11-2 - Add patch for CVE-2017-2640 Resolves: 1431022 2.10.11...
pidgin: crash in Mxit protocol plug-in
A denial of service flaw was found in the way Pidgin's Mxit plug-in handled emoticons. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to crash Pidgin by sending a specially crafted emoticon...
Vulnerabilities in the Pidgin instant messaging program, which allow a hacker to trigger memory disclosure, as well as the ability to inject arbitrary code
The multiple vulnerabilities related to memory corruption in the Pidgin instant messaging application are linked to the processing of the MXIT protocol. Exploiting these vulnerabilities can allow a remote attacker to trigger memory disclosure and the injection of arbitrary code by sending special...
EulerOS 2.0 SP2 : pidgin (EulerOS-SA-2017-1131)
According to the version of the pidgin package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service application crash via ...
openSUSE Security Update : pidgin (openSUSE-2017-457)
This update for pidgin to version 2.12.0 fixes the following issues : This security issue was fixed : - CVE-2017-2640: Out of bounds memory read in purplemarkupunescapeentity boo1028835. These non-security issues were fixed : + libpurple : - Fix the use of uninitialised memory if running...
Security update for pidgin (important)
This update for pidgin to version 2.12.0 fixes the following issues: This security issue was fixed: - CVE-2017-2640: Out of bounds memory read in purplemarkupunescapeentity boo1028835. These non-security issues were fixed: + libpurple: - Fix the use of uninitialised memory if running...
Design/Logic Flaw
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to 1 decrypt hashed passwords by leveraging knowledge of client registration codes or 2 gain login access by eavesdropping on login messages and re-using the hashed passwords...
CVE-2016-2379
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to 1 decrypt hashed passwords by leveraging knowledge of client registration codes or 2 gain login access by eavesdropping on login messages and re-using the hashed passwords...