Vulnerability Details : CVE-2015-8833
Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item.
Vulnerability category: Memory Corruption, Execute code
Products affected by CVE-2015-8833
- cpe:2.3:a:cypherpunks:pidgin-otr:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8833
- 9.82%: Probability of exploitation activity in the next 30 days
- ~95%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8833
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
References for CVE-2015-8833
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00095.html
  [security-announce] SUSE-SU-2016:0912-1: important: Security update for
- http://www.debian.org/security/2016/dsa-3528
  Debian -- Security Information -- DSA-3528-1 pidgin-otr
- http://lists.opensuse.org/opensuse-updates/2016-03/msg00109.html
  openSUSE-SU-2016:0878-1: moderate: Security update for pidgin-otr
- https://bugs.otr.im/issues/128
- https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin-CVE-2015-8833.html
  Heap use after free in Pidgin-OTR plugin (CVE-2015-8833) | The Fuzzing Project
- https://security.gentoo.org/glsa/201701-10
  libotr, Pidgin OTR: Remote execution of arbitrary code (GLSA 201701-10) — Gentoo security
- http://www.openwall.com/lists/oss-security/2016/03/09/8
  oss-security - Heap use after free in Pidgin-OTR plugin
- https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94
- https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002582.html
- http://www.securityfocus.com/bid/84295
  pidgin-otr CVE-2015-8833 Use After Free Denial of Service Vulnerability
- https://bugs.otr.im/issues/88
- http://www.openwall.com/lists/oss-security/2016/03/09/13
  oss-security - Re: Heap use after free in Pidgin-OTR plugin