CVE-2016-1000030

CVE Database · CVE-2016-1000030

CVE-2016-1000030

· N/AModified

CVSS v3.1

N/A

EPSS

1.84%

Published

Sep 5, 2018

Modified

Nov 20, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.

Weaknesses (CWE)

CWE-295

Affected Products (2)

suse · linux_enterprise_servervulnerable

pidgin · pidgin (up to 2.11.0)vulnerable

References (10)

https://access.redhat.com/security/cve/cve-2016-1000030

Third Party Advisory

https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe

PatchThird Party Advisory

https://pidgin.im/news/security/?id=91

Vendor Advisory