Pidgin
CVE-2016-4323
LOW
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability.
AnalysisAI
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability. Affected products include: Pidgin, Canonical Ubuntu Linux, Debian Debian Linux.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a ne
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to
Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providi
gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), t
Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Rated high severity (CV
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.
A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Rated high severity (CVSS 8.1), this
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), t
An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severit
Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today