{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-09-03T00:00:00", "datePublic": "2016-06-21T00:00:00", "descriptions": [{"lang": "en", "value": "Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-05T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://pidgin.im/news/security/?id=91"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://access.redhat.com/security/cve/cve-2016-1000030"}, {"name": "GLSA-201701-38", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-38"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-09-03T16:07:16.984011", "DATE_REQUESTED": "2016-06-21T00:00:00", "ID": "CVE-2016-1000030", "REQUESTER": "kurt@seifried.org", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/", "refsource": "CONFIRM", "url": "https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/"}, {"name": "https://pidgin.im/news/security/?id=91", "refsource": "CONFIRM", "url": "https://pidgin.im/news/security/?id=91"}, {"name": "https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe", "refsource": "CONFIRM", "url": "https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe"}, {"name": "https://access.redhat.com/security/cve/cve-2016-1000030", "refsource": "CONFIRM", "url": "https://access.redhat.com/security/cve/cve-2016-1000030"}, {"name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:47:35.051Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pidgin.im/news/security/?id=91"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2016-1000030"}, {"name": "GLSA-201701-38", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-38"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1000030", "datePublished": "2018-09-05T17:00:00", "dateReserved": "2016-06-21T00:00:00", "dateUpdated": "2024-08-06T03:47:35.051Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C11B91EA-361A-46D6-A784-DFBFF679DE6E", "versionEndExcluding": "2.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0."}, {"lang": "es", "value": "Pidgin en versiones anteriores a la 2.11.0 contiene una vulnerabilidad en las importaciones de certificados X.509, concretamente debido a la comprobaci\u00f3n incorrecta de valores de retorno de gnutls_x509_crt_init() y gnutls_x509_crt_import() que puede resultar en la ejecuci\u00f3n de c\u00f3digo. Este ataque parece ser explotable mediante un certificado X.509 personalizado de otro cliente. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 2.11.0."}], "id": "CVE-2016-1000030", "lastModified": "2018-11-14T19:34:45.520", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-05T17:29:00.230", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2016-1000030"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://pidgin.im/news/security/?id=91"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-38"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "pidgin: X.509 Certificates Improperly Imported", "id": "1348882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348882"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "status": "draft"}, "details": ["Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0."], "name": "CVE-2016-1000030", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "pidgin", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "pidgin", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "pidgin", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2016-06-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-1000030\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1000030\nhttp://www.pidgin.im/news/security/?id=91"], "threat_severity": "Low", "upstream_fix": "pidgin 2.11.0"}