CVE-2014-3696

Published: 29/10/2014 Updated: 05/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin prior to 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.

Vulnerable Product

pidgin pidgin 2.10.6

pidgin pidgin 2.10.5

pidgin pidgin 2.10.8

pidgin pidgin 2.10.7

pidgin pidgin 2.10.0

pidgin pidgin 2.10.4

pidgin pidgin 2.10.3

pidgin pidgin

pidgin pidgin 2.10.2

pidgin pidgin 2.10.1

Vendor Advisories

Synopsis: Moderate: pidgin security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for pidgin is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syst ...
Several security issues were fixed in Pidgin ...
Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client: CVE-2014-3694: It was discovered that the SSL/TLS plugins failed to validate the basic constraints extension in intermediate CA certificates. CVE-2014-3695: Yves Younan and Richard Johnson discovered that emoticons with overly large le ...
A denial of service flaw was found in the way Pidgin parsed Groupwise server messages. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to cause Pidgin to consume an excessive amount of memory, possibly leading to a crash, by sending a specially crafted message ...

Recent Articles

Emoticons blast three security holes in Pidgin :-(
The Register • Darren Pauli • 10 Nov 2014

Dump docs on users' disks using only ASCII art (°O°)

Cisco researchers have reported a trio of vulnerabilities in popular instant messaging client Pidgin that allow for denial of service by way of emoticon abuse and remote arbitrary file creation. Researchers Yves Younan and Richard Johnson say the flaws have since been quietly patched, but rated a maximum CVSS score of 6.4 but were easily and remotely exploitable. The first reported flaw (CVE-2014-3697) affected the way Pidgin accessed smileys and themes as tar packages on Windows systems. Linux ...