CVE-2016-1000030
First published: Wed Sep 05 2018(Updated: )
Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Linux Enterprise Server | =11-sp4 | |
| Pidgin Pidgin | <2.11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2016-1000030?
CVE-2016-1000030 is a vulnerability in Pidgin version <2.11.0 that allows code execution when importing X.509 certificates.
How severe is CVE-2016-1000030?
CVE-2016-1000030 has a severity rating of 9.8, which is considered critical.
Which software versions are affected by CVE-2016-1000030?
Pidgin versions prior to 2.11.0 and SUSE Linux Enterprise Server 11-SP4 are affected by CVE-2016-1000030.
How can the vulnerability in CVE-2016-1000030 be exploited?
The vulnerability in CVE-2016-1000030 can be exploited by importing a custom X.509 certificate.
Where can I find more information about CVE-2016-1000030?
More information about CVE-2016-1000030 can be found at the Red Hat Security Advisory, Bitbucket commit, and Pidgin security advisory.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/severity
- agent/remedy
- agent/author
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/suse
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp4
- vendor/pidgin
- canonical/pidgin pidgin