CVE-2016-2377

Summary

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vulnerability.

Affected Software

VendorProductVersion RangeStatus
PidginPidgin2.10.11affected

Weaknesses

  • off-by-one write

ADP Enrichment

CVE Program Container

Additional References

References