Bug 991683 (CVE-2016-2378) - VUL-0: CVE-2016-2378: pidgin: MXIT get_utf8_string Code Execution Vulnerability
Summary: VUL-0: CVE-2016-2378: pidgin: MXIT get_utf8_string Code Execution Vulnerability
Status: RESOLVED WONTFIX
Alias: CVE-2016-2378
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Felix Zhang
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/170404/
Whiteboard: CVSSv2:RedHat:CVE-2016-2378:5.1:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-08-02 11:40 UTC by Marcus Meissner
Modified: 2018-06-11 14:39 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-08-02 11:40:59 UTC 
rh#1348854

A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability.

External references:

http://www.talosintel.com/reports/TALOS-2016-0120/
http://www.pidgin.im/news/security/?id=94

Upstream fix:

https://bitbucket.org/pidgin/main/commits/06278419c703

https://bugzilla.redhat.com/show_bug.cgi?id=1348854
Comment 1 Marcus Meissner 2016-08-02 11:44:41 UTC 
code is in sle11 and sle12
Comment 2 Swamp Workflow Management 2016-08-02 22:00:50 UTC 
bugbot adjusting priority
Comment 4 Felix Zhang 2018-06-11 13:42:15 UTC 
With Mxit officially shut down its services in 2016 and pidgin dropped support to the protocol since 2.12. Efforts to backport the fix won't make much sense.
Discussed with Johannes and decided to close this as WONTFIX.