Description
Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.
References (5)
Core 5
Core References
Third Party Advisory x_refsource_confirm
https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/
Vendor Advisory x_refsource_confirm
https://pidgin.im/news/security/?id=91
Patch, Third Party Advisory x_refsource_confirm
https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe
Third Party Advisory x_refsource_confirm
https://access.redhat.com/security/cve/cve-2016-1000030
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201701-38
Scores
CVSS v3
9.8
EPSS
0.0074
EPSS Percentile
73.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-295
Status
published
Products (2)
pidgin/pidgin
< 2.11.0
suse/linux_enterprise_server
11 sp4
Published
Sep 05, 2018
Tracked Since
Feb 18, 2026