Unrated severityNVD Advisory· Published Oct 29, 2014· Updated Jun 17, 2026
CVE-2014-3694
CVE-2014-3694
Description
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
19cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*range: <=2.10.9
- cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.8:*:*:*:*:*:*:*
- (no CPE)range: <2.10.10
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- Range: <2.10.10
Patches
Vulnerability mechanics
References
9- pidgin.im/news/security/nvdPatchVendor Advisory
- lists.opensuse.org/opensuse-updates/2014-11/msg00023.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2014-11/msg00037.htmlnvdThird Party Advisory
- www.debian.org/security/2014/dsa-3055nvdThird Party Advisory
- www.ubuntu.com/usn/USN-2390-1nvdThird Party Advisory
- hg.pidgin.im/pidgin/main/rev/2e4475087f04nvdIssue Tracking
- secunia.com/advisories/60741nvd
- secunia.com/advisories/61968nvd
- access.redhat.com/errata/RHSA-2017:1854nvd
News mentions
0No linked articles in our index yet.