NVD Vulnerability Detail

CVE-2016-2368

Summary	Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.
Publication Date	Jan. 7, 2017, 6:59 a.m.
Registration Date	Jan. 26, 2021, 2:08 p.m.
Last Update	Nov. 21, 2024, 11:48 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:pidgin:pidgin::::::::			2.10.12

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.debian.org/security/2016/dsa-3620	Third Party Advisory
2	http://www.debian.org/security/2016/dsa-3620	Third Party Advisory
3	http://www.pidgin.im/news/security/?id=101	Patch Vendor Advisory
4	http://www.pidgin.im/news/security/?id=101	Patch Vendor Advisory
5	http://www.securityfocus.com/bid/91335	Third Party Advisory VDB Entry
6	http://www.securityfocus.com/bid/91335	Third Party Advisory VDB Entry
7	http://www.talosintelligence.com/reports/TALOS-2016-0136/	Technical Description Third Party Advisory
8	http://www.talosintelligence.com/reports/TALOS-2016-0136/	Technical Description Third Party Advisory
9	http://www.ubuntu.com/usn/USN-3031-1	Third Party Advisory
10	http://www.ubuntu.com/usn/USN-3031-1	Third Party Advisory
11	https://security.gentoo.org/glsa/201701-38
12	https://security.gentoo.org/glsa/201701-38

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

Pidgin の MXIT プロトコルの処理におけるバッファオーバーフローの脆弱性

Title	Pidgin の MXIT プロトコルの処理におけるバッファオーバーフローの脆弱性
Summary	Pidgin の MXIT プロトコルの処理には、サービス運用妨害 (メモリ破損) 状態により、バッファオーバーフローの脆弱性が存在します。
Possible impacts	巧妙に細工された MXIT データをサーバに送信されることで、コードを実行される、またはメモリを公開される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 21, 2016, midnight
Registration Date	Jan. 19, 2017, 6:03 p.m.
Last Update	Jan. 19, 2017, 6:03 p.m.

Affected System

Debian

Debian GNU/Linux 8.0

Canonical

Ubuntu 12.04 LTS

Ubuntu 14.04 LTS

Ubuntu 15.10

Pidgin

Pidgin 2.11.0 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-2368	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2368
National Vulnerability Database (NVD)
2	CVE-2016-2368	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2368

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Debian Security Advisory
1	DSA-3620	https://www.debian.org/security/2016/dsa-3620
Pidgin Security Advisories
2	Pidgin MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities	http://www.pidgin.im/news/security/?id=101
Talos Vulnerability Report
3	TALOS-2016-0136	http://www.talosintelligence.com/reports/TALOS-2016-0136/
Ubuntu Security Notice
4	USN-3031-1	https://www.ubuntu.com/usn/USN-3031-1/

Change Log

No	Changed Details	Date of change
0	[2017年01月19日] 掲載	Feb. 17, 2018, 10:37 a.m.