

Pidgin multiple security vulnerabilities
Published: 03.11.2014
Source:
SecurityVulns ID: 14069
Type: remote
Threat Level: 6/10
Description: Insufficient certificate validation, emoticons parsing DoS, Groupwise messages DoS, information leakages via XMPP.
Affected: PIDGIN : Pidgin 2.10
CVE: CVE-2014-3698 (The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.)
 CVE-2014-3696 (nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.)
 CVE-2014-3695 (markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.)
 CVE-2014-3694 (The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.)
Original document: UBUNTU, [USN-2390-1] Pidgin vulnerabilities (03.11.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod