CVE Vulnerabilities

CVE-2016-1000030

Improper Certificate Validation

Published: Sep 05, 2018 | Modified: Nov 14, 2018
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
2.6 LOW
AV:N/AC:H/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu
MEDIUM

Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Linux_enterprise_server Suse 11-sp4 (including) 11-sp4 (including)
Pidgin Ubuntu upstream *

Potential Mitigations

References