Bug 991700 (CVE-2016-2368) - VUL-0: CVE-2016-2368: pidgin: MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities
Summary: VUL-0: CVE-2016-2368: pidgin: MXIT g_snprintf Multiple Buffer Overflow Vulner...
Status: RESOLVED WONTFIX
Alias: CVE-2016-2368
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Felix Zhang
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/170394/
Whiteboard: CVSSv2:SUSE:CVE-2016-2368:6.8:(AV:N/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-08-02 13:02 UTC by Marcus Meissner
Modified: 2020-11-10 21:19 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-08-02 13:02:38 UTC 
rh#1348867

Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.

External references:

http://www.talosintel.com/reports/TALOS-2016-0136/
http://www.pidgin.im/news/security/?id=101

Upstream fixes:

https://bitbucket.org/pidgin/main/commits/f6efc254e947
https://bitbucket.org/pidgin/main/commits/60f95045db42

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1348867
Comment 1 Marcus Meissner 2016-08-02 13:06:28 UTC 
not sure how the header patch relates to the bug though. (f6efc254e947, probably incorrectly listed)
Comment 2 Swamp Workflow Management 2016-08-02 22:01:39 UTC 
bugbot adjusting priority
Comment 4 Felix Zhang 2018-06-11 13:44:09 UTC 
With Mxit officially shut down its services in 2016 and pidgin dropped support to the protocol since 2.12. Efforts to backport the fix won't make much sense.
Discussed with Johannes and decided to close this as WONTFIX.