Medium severity4.5NVD Advisory· Published May 28, 2017· Updated May 13, 2026

CVE-2016-10376

Description

Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.

Affected products

Gajim/Gajim
cpe:2.3:a:gajim:gajim:*:*:*:*:*:*:*:*
Range: <=0.16.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253ccnvdPatchVendor Advisory
dev.gajim.org/gajim/gajim/issues/8378nvdPatchVendor Advisory
bugs.debian.org/863445nvdThird Party Advisory
mail.jabber.org/pipermail/standards/2016-August/031335.htmlnvdMailing ListThird Party Advisory
www.debian.org/security/2017/dsa-3943nvd
security.gentoo.org/glsa/201707-14nvd

News mentions

No linked articles in our index yet.

cvss	0.293
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000