First published: Wed Sep 05 2018
Pidgin versions before 2.11.0 contain a vulnerability in X.509 certificate import: the return values of gnutls_x509_crt_init() and gnutls_x509_crt_import() are not properly checked, which can result in code execution. This attack appears to be exploitable via a custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.
Credit: cve@mitre.org
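The checked-return pattern that the description says was missing, as an added example (not Pidgin's or GnuTLS's code). model_crt_init() and model_crt_import() are hypothetical stand-ins that follow the 0-on-success, negative-on-failure convention of gnutls_x509_crt_init() and gnutls_x509_crt_import(), so the block compiles without GnuTLS; the sample byte strings are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-ins (assumptions, not GnuTLS code) with the same contract as
 * gnutls_x509_crt_init() and gnutls_x509_crt_import(): 0 on success,
 * a negative value on failure. */
typedef struct { unsigned char *der; size_t len; } model_crt;

static int model_crt_init(model_crt **out) {
    *out = calloc(1, sizeof **out);
    return *out ? 0 : -1;
}
static void model_crt_deinit(model_crt *c) { if (c) { free(c->der); free(c); } }

/* Accepts only one complete DER SEQUENCE (tag 0x30) whose short-form or
 * two-byte long-form length matches the buffer size exactly. */
static int model_crt_import(model_crt *c, const unsigned char *p, size_t n) {
    size_t hdr, body;
    if (n < 2 || p[0] != 0x30) return -2;
    if (p[1] < 0x80) { hdr = 2; body = p[1]; }
    else if (p[1] == 0x82 && n >= 4) { hdr = 4; body = ((size_t)p[2] << 8) | p[3]; }
    else return -2;
    if (body != n - hdr) return -2;
    if (!(c->der = malloc(n))) return -1;
    memcpy(c->der, p, n);
    c->len = n;
    return 0;
}

/* Both return values ignored: a rejected certificate still yields a handle
 * that callers will treat as a parsed certificate. */
static model_crt *import_unchecked(const unsigned char *p, size_t n) {
    model_crt *c = NULL;
    model_crt_init(&c);
    model_crt_import(c, p, n);
    return c;
}

/* Checked: fail closed and release the handle on any error. */
static model_crt *import_checked(const unsigned char *p, size_t n) {
    model_crt *c = NULL;
    if (model_crt_init(&c) != 0) return NULL;
    if (model_crt_import(c, p, n) != 0) { model_crt_deinit(c); return NULL; }
    return c;
}

/* Constructed sample inputs: a complete SEQUENCE and a truncated one. */
static const unsigned char SAMPLE_OK[] = {0x30, 0x03, 0x02, 0x01, 0x05};
static const unsigned char SAMPLE_TRUNCATED[] = {0x30, 0x82, 0x01, 0x00, 0x02};
```

With the truncated sample, import_unchecked() hands back an empty handle while import_checked() returns NULL, so the caller can reject the certificate before any field is read from it.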
Affected Software | Affected Version | How to fix |
---|---|---|
SUSE Linux Enterprise Server | =11-sp4 | |
Pidgin Pidgin | <2.11.0 | |
CVE-2016-1000030 is a vulnerability in Pidgin version <2.11.0 that allows code execution when importing X.509 certificates.
CVE-2016-1000030 has a severity rating of 9.8, which is considered critical.
Pidgin versions prior to 2.11.0 and SUSE Linux Enterprise Server 11-SP4 are affected by CVE-2016-1000030.
The vulnerability in CVE-2016-1000030 can be exploited by importing a custom X.509 certificate.
More information about CVE-2016-1000030 can be found at the Red Hat Security Advisory, Bitbucket commit, and Pidgin security advisory.