CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.004 Low
Percentile: 74.7%
CVE-2016-2371
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Pidgin 2.10.11
The function mxit_parse_cmd_extprofile() is called when extended profile packets are received from the server. At line 1837 it will read the number of attributes that were sent by the server into the variable count.
1837 count = atoi( records[0]->fields[1]->data );
This value is then used as the bound of the loop at line 1839, which calculates an index into an array at line 1843. That index is used to access values in the array at lines 1845-1847.
1839 for ( i = 0; i < count; i++ ) {
         char* fname;
         char* fvalue;
         char* fstatus;
1843     int f = ( i * 3 ) + 2;
         fname = records[0]->fields[f]->data; /* field name */
         fvalue = records[0]->fields[f + 1]->data; /* field value */
1847     fstatus = records[0]->fields[f + 2]->data; /* field status */
The index is also used to write to an array at lines 1859-1860, potentially causing an out-of-bounds write.
1859 fvalue[10] = '\0';
     records[0]->fields[f + 1]->len = 10;
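An added example, not code from the advisory or from Pidgin: one way to validate the server-supplied count before the loop at line 1839 runs, so that every index up to f + 2 stays inside the fields array. The struct layout, the fcount member and the function names checked_attr_count and demo_check are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the parser's record/field types (assumed layout;
 * fcount is an assumed member holding the number of entries in fields). */
struct field  { char *data; int len; };
struct record { struct field **fields; int fcount; };

/* Returns the attribute count if every index the loop would touch,
 * up to ((count - 1) * 3) + 2 + 2, lies inside rec->fields; else -1. */
int checked_attr_count(const struct record *rec)
{
    char *end; long n;
    if (rec == NULL || rec->fcount < 2 || rec->fields[1]->data == NULL)
        return -1;                      /* no count field to read */
    errno = 0;
    n = strtol(rec->fields[1]->data, &end, 10);
    if (errno != 0 || end == rec->fields[1]->data || *end != '\0')
        return -1;                      /* not a clean decimal number */
    if (n < 0 || n > (rec->fcount - 2) / 3)
        return -1;                      /* loop would index past fcount */
    return (int)n;
}

/* Builds a constructed record with `fcount` fields whose count field is
 * `count_text`, and returns what checked_attr_count() says about it. */
int demo_check(const char *count_text, int fcount)
{
    struct field  cells[16];
    struct field *ptrs[16];
    struct record rec = { ptrs, fcount };
    int i;

    if (fcount < 0 || fcount > 16)
        return -1;
    for (i = 0; i < fcount; i++) {
        cells[i] = (struct field){ (char *)"x", 1 };  /* constructed filler */
        ptrs[i] = &cells[i];
    }
    if (fcount > 1)
        cells[1].data = (char *)count_text;           /* the count field */
    return checked_attr_count(&rec);
}

int main(void)
{
    return printf("%d %d\n", demo_check("2", 8), demo_check("3", 8)) < 0;
}
```

Unlike atoi(), the strtol() check here also rejects a count field with trailing non-digit characters or an out-of-range value.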
2016-04-13 - Vendor Notification
2016-06-21 - Public Disclosure
Discovered by Yves Younan of Cisco Talos.