Vulnerability Details : CVE-2014-3698
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2014-3698
Probability of exploitation activity in the next 30 days: 0.65%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 %
CVSS scores for CVE-2014-3698
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2014-3698
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3698
- http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc
  pidgin — Bitbucket [Patch]
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html
  openSUSE-SU-2014:1397-1: moderate: update for pidgin
- http://pidgin.im/news/security/?id=90
  Pidgin Security Advisories [Patch; Vendor Advisory]
- http://www.ubuntu.com/usn/USN-2390-1
  USN-2390-1: Pidgin vulnerabilities | Ubuntu security notices
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html
  openSUSE-SU-2014:1376-1: moderate: update for pidgin
- http://www.debian.org/security/2014/dsa-3055
  Debian -- Security Information -- DSA-3055-1 pidgin
- https://access.redhat.com/errata/RHSA-2017:1854
  RHSA-2017:1854 - Security Advisory - Red Hat Customer Portal
Products affected by CVE-2014-3698
- cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.7:*:*:*:*:*:*:*