Insufficient Comparison Affecting pidgin package, versions <0:2.7.9-11.el6
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS6-PIDGIN-2088258
- published 26 Jul 2021
- disclosed 22 Jul 2013
Introduced: 22 Jul 2013
CVE-2013-4166 Open this link in a new tabHow to fix?
Upgrade Centos:6 pidgin to version 0:2.7.9-11.el6 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream pidgin package and not the pidgin package as distributed by Centos.
See How to fix? for Centos:6 relevant fixed versions and status.
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
References
- http://rhn.redhat.com/errata/RHSA-2013-1540.html
- https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5
- https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d
- https://access.redhat.com/security/cve/CVE-2013-4166
- https://bugzilla.redhat.com/show_bug.cgi?id=973728
- http://seclists.org/oss-sec/2013/q3/191
- https://access.redhat.com/errata/RHSA-2013:1540