CVE-2014-3698 : The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows r

The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.

Published 2014-10-29 10:55:04

Updated 2018-01-05 02:29:51

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2014-3698

Probability of exploitation activity in the next 30 days: 0.65%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-3698

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2014-3698

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-3698

http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc

pidgin — Bitbucket
Patch
http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html

openSUSE-SU-2014:1397-1: moderate: update for pidgin

CVEs referencing this url
http://pidgin.im/news/security/?id=90

Pidgin Security Advisories
Patch;Vendor Advisory
http://www.ubuntu.com/usn/USN-2390-1

USN-2390-1: Pidgin vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html

openSUSE-SU-2014:1376-1: moderate: update for pidgin

CVEs referencing this url
http://www.debian.org/security/2014/dsa-3055

Debian -- Security Information -- DSA-3055-1 pidgin

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:1854

RHSA-2017:1854 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url

Products affected by CVE-2014-3698

Pidgin » Pidgin
Versions up to, including, (<=) 2.10.9
cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*
Matching versions
Pidgin » Pidgin » Version: 2.10.4
cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*
Matching versions
Pidgin » Pidgin » Version: 2.10.0
cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*
Matching versions
Pidgin » Pidgin » Version: 2.10.1
cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*
Matching versions
Pidgin » Pidgin » Version: 2.10.2
cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*
Matching versions
Pidgin » Pidgin » Version: 2.10.3
cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*
Matching versions
Pidgin » Pidgin » Version: 2.10.6
cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*
Matching versions
Pidgin » Pidgin » Version: 2.10.5
cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*
Matching versions
Pidgin » Pidgin » Version: 2.10.8
cpe:2.3:a:pidgin:pidgin:2.10.8:*:*:*:*:*:*:*
Matching versions
Pidgin » Pidgin » Version: 2.10.7
cpe:2.3:a:pidgin:pidgin:2.10.7:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-3698

Exploit prediction scoring system (EPSS) score for CVE-2014-3698

CVSS scores for CVE-2014-3698

CWE ids for CVE-2014-3698

References for CVE-2014-3698

Products affected by CVE-2014-3698