All the vulnerabilities related to Pidgin - Pidgin
cve-2009-3083
Vulnerability from cvelistv5
Published
2009-09-08 18:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.
References
URL | Tags | |
---|---|---|
http://developer.pidgin.im/ticket/10159 | x_refsource_CONFIRM | |
http://secunia.com/advisories/36601 | third-party-advisory, x_refsource_SECUNIA | |
http://www.pidgin.im/news/security/index.php?id=39 | x_refsource_CONFIRM | |
http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852 | vdb-entry, signature, x_refsource_OVAL | |
http://www.securityfocus.com/bid/36277 | vdb-entry, x_refsource_BID | |
http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322 | vdb-entry, signature, x_refsource_OVAL |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:14:55.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/ticket/10159" }, { "name": "36601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36601" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/index.php?id=39" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c" }, { "name": "oval:org.mitre.oval:def:11852", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852" }, { "name": "36277", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36277" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd" }, { "name": "oval:org.mitre.oval:def:6322", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP 
invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/ticket/10159" }, { "name": "36601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36601" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/index.php?id=39" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c" }, { "name": "oval:org.mitre.oval:def:11852", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852" }, { "name": "36277", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36277" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd" }, { "name": "oval:org.mitre.oval:def:6322", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3083", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://developer.pidgin.im/ticket/10159", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/ticket/10159" }, { "name": "36601", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36601" }, { "name": "http://www.pidgin.im/news/security/index.php?id=39", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/index.php?id=39" }, { "name": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c" }, { "name": "oval:org.mitre.oval:def:11852", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852" }, { "name": "36277", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36277" }, { "name": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd" }, { "name": "oval:org.mitre.oval:def:6322", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", 
"assignerShortName": "mitre", "cveId": "CVE-2009-3083", "datePublished": "2009-09-08T18:00:00", "dateReserved": "2009-09-08T00:00:00", "dateUpdated": "2024-08-07T06:14:55.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3184
Vulnerability from cvelistv5
Published
2011-08-29 17:00
Modified
2024-08-06 23:22
Severity ?
EPSS score ?
Summary
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:22:27.696Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2011-11544", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943.html" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/10" }, { "name": "oval:org.mitre.oval:def:18284", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18284" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c" }, { "name": "pidgin-msn-protocol-dos(69341)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69341" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=54" }, { "name": "45663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45663" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/4" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/7" }, { "name": "FEDORA-2011-11595", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065190.html" }, { "name": "45916", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45916" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/12" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732405" }, { "name": "49268", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49268" }, { "name": "1025961", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025961" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-08-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2011-11544", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943.html" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/10" }, { "name": "oval:org.mitre.oval:def:18284", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18284" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c" }, { "name": "pidgin-msn-protocol-dos(69341)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69341" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=54" }, { "name": "45663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45663" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/4" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/7" }, { "name": "FEDORA-2011-11595", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065190.html" }, { "name": "45916", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45916" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/12" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732405" }, { "name": "49268", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49268" }, { "name": "1025961", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025961" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3184", "datePublished": "2011-08-29T17:00:00", "dateReserved": "2011-08-19T00:00:00", "dateUpdated": "2024-08-06T23:22:27.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0020
Vulnerability from cvelistv5
Published
2014-02-06 15:00
Modified
2024-08-06 08:58
Severity ?
EPSS score ?
Summary
The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html | vendor-advisory, x_refsource_SUSE | |
http://hg.pidgin.im/pidgin/main/rev/a167504359e5 | x_refsource_CONFIRM | |
https://rhn.redhat.com/errata/RHSA-2014-0139.html | vendor-advisory, x_refsource_REDHAT | |
http://hg.pidgin.im/pidgin/main/rev/9f132a6855cd | x_refsource_CONFIRM | |
http://www.debian.org/security/2014/dsa-2859 | vendor-advisory, x_refsource_DEBIAN | |
http://pidgin.im/news/security/?id=85 | x_refsource_CONFIRM | |
http://hg.pidgin.im/pidgin/main/rev/4d9be297d399 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html | vendor-advisory, x_refsource_SUSE | |
http://hg.pidgin.im/pidgin/main/rev/6b0e0566af20 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-2100-1 | vendor-advisory, x_refsource_UBUNTU | |
http://hg.pidgin.im/pidgin/main/rev/7d0fb0c6d8d4 | x_refsource_CONFIRM | |
http://hg.pidgin.im/pidgin/main/rev/5845d9fa7084 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:58:26.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/a167504359e5" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/9f132a6855cd" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=85" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/4d9be297d399" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/6b0e0566af20" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/7d0fb0c6d8d4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/5845d9fa7084" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-28T00:00:00", 
"descriptions": [ { "lang": "en", "value": "The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-07T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/a167504359e5" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/9f132a6855cd" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=85" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/4d9be297d399" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/6b0e0566af20" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/7d0fb0c6d8d4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/5845d9fa7084" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": 
"CVE-2014-0020", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0326", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/a167504359e5", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/a167504359e5" }, { "name": "RHSA-2014:0139", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/9f132a6855cd", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/9f132a6855cd" }, { "name": "DSA-2859", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "http://pidgin.im/news/security/?id=85", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=85" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/4d9be297d399", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/4d9be297d399" }, { "name": "openSUSE-SU-2014:0239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/6b0e0566af20", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/6b0e0566af20" }, { "name": "USN-2100-1", "refsource": "UBUNTU", "url": 
"http://www.ubuntu.com/usn/USN-2100-1" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/7d0fb0c6d8d4", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/7d0fb0c6d8d4" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/5845d9fa7084", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/5845d9fa7084" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0020", "datePublished": "2014-02-06T15:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T08:58:26.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4323
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-06 00:25
Severity ?
EPSS score ?
Summary
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID | |
http://www.pidgin.im/news/security/?id=97 | x_refsource_CONFIRM | |
http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN | |
http://www.talosintelligence.com/reports/TALOS-2016-0128/ | x_refsource_MISC | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:25:14.526Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=97" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0128/" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "directory traversal", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=97" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0128/" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-4323", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "directory traversal" } ] } ] }, "references": { "reference_data": [ { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "http://www.pidgin.im/news/security/?id=97", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=97" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0128/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0128/" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-4323", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-04-27T00:00:00", "dateUpdated": "2024-08-06T00:25:14.526Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0273
Vulnerability from cvelistv5
Published
2013-02-16 21:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html | vendor-advisory, x_refsource_SUSE | |
http://www.ubuntu.com/usn/USN-1746-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.pidgin.im/news/security/?id=67 | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18340 | vdb-entry, signature, x_refsource_OVAL | |
http://hg.pidgin.im/pidgin/main/rev/c31cf8de31cd | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:18:09.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2013:0388", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "name": "USN-1746-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=67" }, { "name": "oval:org.mitre.oval:def:18340", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18340" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/c31cf8de31cd" }, { "name": "openSUSE-SU-2013:0405", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "name": "openSUSE-SU-2013:0407", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SU-2013:0388", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "name": "USN-1746-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=67" }, { "name": "oval:org.mitre.oval:def:18340", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18340" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/c31cf8de31cd" }, { "name": "openSUSE-SU-2013:0405", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "name": "openSUSE-SU-2013:0407", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0273", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2013:0388", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "name": "USN-1746-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "name": "http://www.pidgin.im/news/security/?id=67", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=67" }, { "name": "oval:org.mitre.oval:def:18340", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18340" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/c31cf8de31cd", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/c31cf8de31cd" }, { "name": "openSUSE-SU-2013:0405", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "name": "openSUSE-SU-2013:0407", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0273", "datePublished": "2013-02-16T21:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6478
Vulnerability from cvelistv5
Published
2014-02-06 15:00
Modified
2024-08-06 17:39
Summary
gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html | vendor-advisory, x_refsource_SUSE | |
https://rhn.redhat.com/errata/RHSA-2014-0139.html | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2014/dsa-2859 | vendor-advisory, x_refsource_DEBIAN | |
http://pidgin.im/pipermail/support/2013-March/012981.html | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html | vendor-advisory, x_refsource_SUSE | |
http://pidgin.im/news/security/?id=72 | x_refsource_CONFIRM | |
http://hg.pidgin.im/pidgin/main/rev/2bb66ef1475e | x_refsource_CONFIRM | |
http://pidgin.im/pipermail/support/2013-March/012980.html | mailing-list, x_refsource_MLIST | |
http://www.ubuntu.com/usn/USN-2100-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "[support] 20130301 error in pidgin : big url - 2 (pidgin eat a part of url)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://pidgin.im/pipermail/support/2013-March/012981.html" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=72" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/2bb66ef1475e" }, { "name": "[support] 20130301 error in pidgin : big url", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://pidgin.im/pipermail/support/2013-March/012980.html" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, 
which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-07T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "[support] 20130301 error in pidgin : big url - 2 (pidgin eat a part of url)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://pidgin.im/pipermail/support/2013-March/012981.html" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=72" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/2bb66ef1475e" }, { "name": "[support] 20130301 error in pidgin : big url", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://pidgin.im/pipermail/support/2013-March/012980.html" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6478", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": 
"n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0326", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "[support] 20130301 error in pidgin : big url - 2 (pidgin eat a part of url)", "refsource": "MLIST", "url": "http://pidgin.im/pipermail/support/2013-March/012981.html" }, { "name": "openSUSE-SU-2014:0239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "http://pidgin.im/news/security/?id=72", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=72" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/2bb66ef1475e", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/2bb66ef1475e" }, { "name": "[support] 20130301 error in pidgin : big url", "refsource": "MLIST", "url": "http://pidgin.im/pipermail/support/2013-March/012980.html" }, { "name": "USN-2100-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2100-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6478", "datePublished": "2014-02-06T15:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.598Z", 
"state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6490
Vulnerability from cvelistv5
Published
2014-02-06 16:00
Modified
2024-08-06 17:46
Summary
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.
References
URL | Tags | |
---|---|---|
https://rhn.redhat.com/errata/RHSA-2014-0139.html | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2014/dsa-2859 | vendor-advisory, x_refsource_DEBIAN | |
http://www.ubuntu.com/usn/USN-2100-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.securityfocus.com/bid/65195 | vdb-entry, x_refsource_BID | |
http://www.pidgin.im/news/security/?id=84 | x_refsource_CONFIRM | |
http://hg.pidgin.im/pidgin/main/rev/6bd2dd10e5da | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:46:22.110Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "name": "65195", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65195" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=84" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/6bd2dd10e5da" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-05T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "name": "65195", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65195" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=84" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/6bd2dd10e5da" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6490", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2014:0139", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "USN-2100-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "name": "65195", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65195" }, { "name": "http://www.pidgin.im/news/security/?id=84", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=84" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/6bd2dd10e5da", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/6bd2dd10e5da" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6490", "datePublished": "2014-02-06T16:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:46:22.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2943
Vulnerability from cvelistv5
Published
2011-08-29 17:00
Modified
2024-08-06 23:15
Summary
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:15:32.003Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=53" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/2" }, { "name": "45663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45663" }, { "name": "oval:org.mitre.oval:def:18005", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005" }, { "name": "pidgin-irc-protocol-dos(69340)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69340" }, { "name": "45916", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45916" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722939" }, { "name": "49268", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c" }, { "name": "1025961", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025961" }, { "name": "[oss-security] 20110820 CVE request: Pidgin 
crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-08-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=53" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/2" }, { "name": "45663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45663" }, { "name": "oval:org.mitre.oval:def:18005", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005" }, { "name": "pidgin-irc-protocol-dos(69340)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69340" }, { "name": "45916", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/45916" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722939" }, { "name": "49268", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c" }, { "name": "1025961", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025961" }, { "name": "[oss-security] 20110820 CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2943", "datePublished": "2011-08-29T17:00:00", "dateReserved": "2011-07-27T00:00:00", "dateUpdated": "2024-08-06T23:15:32.003Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6486
Vulnerability from cvelistv5
Published
2014-02-06 15:00
Modified
2024-08-06 17:39
Summary
gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html | vendor-advisory, x_refsource_SUSE | |
http://hg.pidgin.im/pidgin/main/rev/b2571530fa8b | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html | vendor-advisory, x_refsource_SUSE | |
http://pidgin.im/news/security/?id=81 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/65189 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.691Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/b2571530fa8b" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=81" }, { "name": "65189", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65189" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-07T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/b2571530fa8b" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=81" }, { "name": "65189", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65189" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6486", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0326", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/b2571530fa8b", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/b2571530fa8b" }, { "name": "openSUSE-SU-2014:0239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "http://pidgin.im/news/security/?id=81", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=81" }, { "name": "65189", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65189" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6486", "datePublished": "2014-02-06T15:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.691Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2369
Vulnerability from cvelistv5
Published
2012-05-23 20:00
Modified
2024-08-06 19:34
Summary
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.
References
URL | Tags | |
---|---|---|
http://security.gentoo.org/glsa/glsa-201207-05.xml | vendor-advisory, x_refsource_GENTOO | |
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00003.html | vendor-advisory, x_refsource_SUSE | |
http://www.debian.org/security/2012/dsa-2476 | vendor-advisory, x_refsource_DEBIAN | |
http://openwall.com/lists/oss-security/2012/05/16/2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:34:25.465Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201207-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201207-05.xml" }, { "name": "SUSE-SU-2012:0703", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00003.html" }, { "name": "DSA-2476", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2476" }, { "name": "[oss-security] 20120516 Format string security flaw in pidgin-otr", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2012/05/16/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-05T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "GLSA-201207-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201207-05.xml" }, { "name": "SUSE-SU-2012:0703", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00003.html" }, { "name": "DSA-2476", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2476" }, { "name": "[oss-security] 20120516 Format string security flaw in pidgin-otr", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2012/05/16/2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2369", "datePublished": "2012-05-23T20:00:00", "dateReserved": "2012-04-19T00:00:00", "dateUpdated": "2024-08-06T19:34:25.465Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2369
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Summary
A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability.
References
URL | Tags | |
---|---|---|
http://www.talosintelligence.com/reports/TALOS-2016-0137/ | x_refsource_MISC | |
http://www.pidgin.im/news/security/?id=102 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.089Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0137/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=102" }, { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "null pointer dereference", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0137/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=102" }, { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2369", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "null pointer dereference" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0137/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0137/" }, { "name": "http://www.pidgin.im/news/security/?id=102", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=102" }, { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2369", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2375
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure.
References
URL | Tags | |
---|---|---|
http://www.talosintelligence.com/reports/TALOS-2016-0143/ | x_refsource_MISC | |
http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN | |
http://www.pidgin.im/news/security/?id=108 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0143/" }, { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=108" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "out-of-bounds read", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0143/" }, { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=108" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2375", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "out-of-bounds read" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0143/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0143/" }, { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "http://www.pidgin.im/news/security/?id=108", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=108" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2375", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.291Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-3088
Vulnerability from cvelistv5
Published
2010-10-08 20:00
Modified
2024-09-17 00:25
Severity ?
EPSS score ?
Summary
The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message.
References
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2010/09/13/4 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2010/09/12/1 | mailing-list, x_refsource_MLIST | |
https://bugs.gentoo.org/show_bug.cgi?id=336916 | x_refsource_CONFIRM | |
http://code.google.com/p/pidgin-knotify/issues/detail?id=1 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:55:46.753Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20100913 Re: CVE Request: pidgin-knotify remote command injection", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/13/4" }, { "name": "[oss-security] 20100913 CVE Request: pidgin-knotify remote command injection", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/12/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=336916" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/pidgin-knotify/issues/detail?id=1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-10-08T20:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20100913 Re: CVE Request: pidgin-knotify remote command injection", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/13/4" }, { "name": "[oss-security] 20100913 CVE Request: pidgin-knotify remote command injection", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/12/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=336916" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/pidgin-knotify/issues/detail?id=1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-3088", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20100913 Re: CVE Request: pidgin-knotify remote command injection", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/09/13/4" }, { "name": "[oss-security] 20100913 CVE Request: pidgin-knotify remote command injection", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/09/12/1" }, { "name": "https://bugs.gentoo.org/show_bug.cgi?id=336916", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/show_bug.cgi?id=336916" }, { "name": "http://code.google.com/p/pidgin-knotify/issues/detail?id=1", "refsource": "MISC", "url": "http://code.google.com/p/pidgin-knotify/issues/detail?id=1" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-3088", "datePublished": "2010-10-08T20:00:00Z", "dateReserved": "2010-08-20T00:00:00Z", "dateUpdated": "2024-09-17T00:25:36.605Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4601
Vulnerability from cvelistv5
Published
2011-12-25 01:00
Modified
2024-08-07 00:09
Severity ?
EPSS score ?
Summary
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:19.367Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2011:1820", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/757272a78a8ca6027d518e614712c3399e34dda3" }, { "name": "openSUSE-SU-2012:0066", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/13195955" }, { "name": "MDVSA-2011:183", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183" }, { "name": "47219", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47219" }, { "name": "[oss-security] 20111210 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/12/10/2" }, { "name": "[oss-security] 20111209 CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/12/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=57" }, { "name": "RHSA-2011:1821", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/bc79b1bf09dcfa1d8edac86a06761fce7416e69c/with/757272a78a8ca6027d518e614712c3399e34dda3/libpurple/protocols/oscar/family_feedbag.c" }, { "name": "oval:org.mitre.oval:def:18408", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", 
"x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18408" }, { "name": "47234", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47234" }, { "name": "51010", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-10-20T00:00:00", "descriptions": [ { "lang": "en", "value": "family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2011:1820", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/757272a78a8ca6027d518e614712c3399e34dda3" }, { "name": "openSUSE-SU-2012:0066", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/13195955" }, { "name": "MDVSA-2011:183", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183" }, { "name": "47219", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47219" }, { "name": "[oss-security] 20111210 Re: CVE request: Pidgin crash", "tags": [ 
"mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/12/10/2" }, { "name": "[oss-security] 20111209 CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/12/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=57" }, { "name": "RHSA-2011:1821", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/bc79b1bf09dcfa1d8edac86a06761fce7416e69c/with/757272a78a8ca6027d518e614712c3399e34dda3/libpurple/protocols/oscar/family_feedbag.c" }, { "name": "oval:org.mitre.oval:def:18408", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18408" }, { "name": "47234", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47234" }, { "name": "51010", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4601", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2011:1820", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" }, { "name": "http://developer.pidgin.im/viewmtn/revision/info/757272a78a8ca6027d518e614712c3399e34dda3", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/info/757272a78a8ca6027d518e614712c3399e34dda3" }, { "name": "openSUSE-SU-2012:0066", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/13195955" }, { "name": "MDVSA-2011:183", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183" }, { "name": "47219", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47219" }, { "name": "[oss-security] 20111210 Re: CVE request: Pidgin crash", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/12/10/2" }, { "name": "[oss-security] 20111209 CVE request: Pidgin crash", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/12/10/1" }, { "name": "http://pidgin.im/news/security/?id=57", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=57" }, { "name": "RHSA-2011:1821", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html" }, { "name": "http://developer.pidgin.im/viewmtn/revision/diff/bc79b1bf09dcfa1d8edac86a06761fce7416e69c/with/757272a78a8ca6027d518e614712c3399e34dda3/libpurple/protocols/oscar/family_feedbag.c", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/diff/bc79b1bf09dcfa1d8edac86a06761fce7416e69c/with/757272a78a8ca6027d518e614712c3399e34dda3/libpurple/protocols/oscar/family_feedbag.c" }, { "name": "oval:org.mitre.oval:def:18408", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18408" }, { "name": "47234", "refsource": 
"SECUNIA", "url": "http://secunia.com/advisories/47234" }, { "name": "51010", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51010" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4601", "datePublished": "2011-12-25T01:00:00", "dateReserved": "2011-11-29T00:00:00", "dateUpdated": "2024-08-07T00:09:19.367Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6152
Vulnerability from cvelistv5
Published
2014-02-06 15:00
Modified
2024-08-06 21:28
Severity ?
EPSS score ?
Summary
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html | vendor-advisory, x_refsource_SUSE | |
https://rhn.redhat.com/errata/RHSA-2014-0139.html | vendor-advisory, x_refsource_REDHAT | |
http://pidgin.im/news/security/?id=70 | x_refsource_CONFIRM | |
http://hg.pidgin.im/pidgin/main/rev/b0345c25f886 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html | vendor-advisory, x_refsource_SUSE | |
http://www.ubuntu.com/usn/USN-2100-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.854Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=70" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/b0345c25f886" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-07T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=70" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/b0345c25f886" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6152", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0326", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "http://pidgin.im/news/security/?id=70", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=70" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/b0345c25f886", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/b0345c25f886" }, { "name": "openSUSE-SU-2014:0239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "USN-2100-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2100-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6152", "datePublished": "2014-02-06T15:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T21:28:39.854Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0272
Vulnerability from cvelistv5
Published
2013-02-16 21:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html | vendor-advisory, x_refsource_SUSE | |
http://www.ubuntu.com/usn/USN-1746-1 | vendor-advisory, x_refsource_UBUNTU | |
http://hg.pidgin.im/pidgin/main/rev/879db2a9a59c | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/57951 | vdb-entry, x_refsource_BID | |
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html | vendor-advisory, x_refsource_SUSE | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17474 | vdb-entry, signature, x_refsource_OVAL | |
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html | vendor-advisory, x_refsource_SUSE | |
http://www.pidgin.im/news/security/?id=66 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:18:09.603Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2013:0388", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "name": "USN-1746-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/879db2a9a59c" }, { "name": "57951", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57951" }, { "name": "openSUSE-SU-2013:0405", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "name": "oval:org.mitre.oval:def:17474", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17474" }, { "name": "openSUSE-SU-2013:0407", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=66" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SU-2013:0388", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "name": "USN-1746-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/879db2a9a59c" }, { "name": "57951", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/57951" }, { "name": "openSUSE-SU-2013:0405", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "name": "oval:org.mitre.oval:def:17474", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17474" }, { "name": "openSUSE-SU-2013:0407", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=66" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0272", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code 
via a long HTTP header." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2013:0388", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "name": "USN-1746-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/879db2a9a59c", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/879db2a9a59c" }, { "name": "57951", "refsource": "BID", "url": "http://www.securityfocus.com/bid/57951" }, { "name": "openSUSE-SU-2013:0405", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "name": "oval:org.mitre.oval:def:17474", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17474" }, { "name": "openSUSE-SU-2013:0407", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" }, { "name": "http://www.pidgin.im/news/security/?id=66", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=66" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0272", "datePublished": "2013-02-16T21:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1000030
Vulnerability from cvelistv5
Published
2018-09-05 17:00
Modified
2024-08-06 03:47
Severity ?
EPSS score ?
Summary
Pidgin versions before 2.11.0 contain a vulnerability in X.509 certificate import: the return values of gnutls_x509_crt_init() and gnutls_x509_crt_import() are not properly checked, which can result in code execution. The attack appears to be exploitable via a custom X.509 certificate from another client. The vulnerability appears to have been fixed in 2.11.0.
References
▼ | URL | Tags |
---|---|---|
https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/ | x_refsource_CONFIRM | |
https://pidgin.im/news/security/?id=91 | x_refsource_CONFIRM | |
https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe | x_refsource_CONFIRM | |
https://access.redhat.com/security/cve/cve-2016-1000030 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:47:35.051Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://pidgin.im/news/security/?id=91" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2016-1000030" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2018-09-03T00:00:00", "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Pidgin version \u003c2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-05T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://pidgin.im/news/security/?id=91" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://access.redhat.com/security/cve/cve-2016-1000030" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-09-03T16:07:16.984011", "DATE_REQUESTED": "2016-06-21T00:00:00", "ID": "CVE-2016-1000030", "REQUESTER": "kurt@seifried.org", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Pidgin version \u003c2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/", "refsource": "CONFIRM", "url": "https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/" }, { "name": "https://pidgin.im/news/security/?id=91", "refsource": "CONFIRM", "url": "https://pidgin.im/news/security/?id=91" }, { "name": "https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe", "refsource": "CONFIRM", "url": "https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe" }, { "name": "https://access.redhat.com/security/cve/cve-2016-1000030", "refsource": "CONFIRM", "url": "https://access.redhat.com/security/cve/cve-2016-1000030" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1000030", "datePublished": "2018-09-05T17:00:00", "dateReserved": "2016-06-21T00:00:00", "dateUpdated": "2024-08-06T03:47:35.051Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6484
Vulnerability from cvelistv5
Published
2014-02-06 15:00
Modified
2024-08-06 17:39
Summary
The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error.
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html | vendor-advisory, x_refsource_SUSE | |
https://rhn.redhat.com/errata/RHSA-2014-0139.html | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2014/dsa-2859 | vendor-advisory, x_refsource_DEBIAN | |
http://pidgin.im/news/security/?id=79 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html | vendor-advisory, x_refsource_SUSE | |
http://www.ubuntu.com/usn/USN-2100-1 | vendor-advisory, x_refsource_UBUNTU | |
http://hg.pidgin.im/pidgin/main/rev/932b985540e9 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.593Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=79" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/932b985540e9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-03-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-07T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=79" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/932b985540e9" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6484", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0326", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "http://pidgin.im/news/security/?id=79", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=79" }, { "name": "openSUSE-SU-2014:0239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "USN-2100-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/932b985540e9", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/932b985540e9" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6484", "datePublished": "2014-02-06T15:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.593Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2372
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Summary
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer, which will trigger an out-of-bounds read vulnerability. This could result in a denial of service, or it could copy data from memory into the file, resulting in an information leak if the file is sent to another user.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN | |
http://www.talosintelligence.com/reports/TALOS-2016-0140/ | x_refsource_MISC | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.pidgin.im/news/security/?id=105 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0140/" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=105" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user." 
} ], "problemTypes": [ { "descriptions": [ { "description": "out-of-bounds read", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0140/" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=105" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2372", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "out-of-bounds read" } ] } ] }, "references": { "reference_data": [ { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0140/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0140/" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "name": "http://www.pidgin.im/news/security/?id=105", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=105" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2372", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6483
Vulnerability from cvelistv5
Published
2014-02-06 15:00
Modified
2024-08-06 17:39
Summary
The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html | vendor-advisory, x_refsource_SUSE | |
https://rhn.redhat.com/errata/RHSA-2014-0139.html | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2014/dsa-2859 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html | vendor-advisory, x_refsource_SUSE | |
http://www.ubuntu.com/usn/USN-2100-1 | vendor-advisory, x_refsource_UBUNTU | |
http://hg.pidgin.im/pidgin/main/rev/93d4bff19574 | x_refsource_CONFIRM | |
http://pidgin.im/news/security/?id=78 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/93d4bff19574" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=78" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-07T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/93d4bff19574" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=78" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6483", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0326", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "USN-2100-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/93d4bff19574", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/93d4bff19574" }, { "name": "http://pidgin.im/news/security/?id=78", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=78" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6483", "datePublished": "2014-02-06T15:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.871Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2957
Vulnerability from cvelistv5
Published
2008-07-01 22:00
Modified
2024-08-07 09:21
Summary
The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.
References
▼ | URL | Tags |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDVSA-2009:025 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.securityfocus.com/bid/29985 | vdb-entry, x_refsource_BID | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9076 | vdb-entry, signature, x_refsource_OVAL | |
http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm | x_refsource_CONFIRM | |
http://secunia.com/advisories/33102 | third-party-advisory, x_refsource_SECUNIA | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17599 | vdb-entry, signature, x_refsource_OVAL | |
http://www.openwall.com/lists/oss-security/2008/06/27/3 | mailing-list, x_refsource_MLIST | |
http://www.ubuntu.com/usn/USN-675-1 | vendor-advisory, x_refsource_UBUNTU | |
http://secunia.com/advisories/32859 | third-party-advisory, x_refsource_SECUNIA | |
http://crisp.cs.du.edu/?q=ca2007-1 | x_refsource_MISC | |
http://www.redhat.com/support/errata/RHSA-2008-1023.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:21:34.603Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2009:025", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:025" }, { "name": "29985", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29985" }, { "name": "oval:org.mitre.oval:def:9076", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9076" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm" }, { "name": "33102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33102" }, { "name": "oval:org.mitre.oval:def:17599", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17599" }, { "name": "[oss-security] 20080627 CVE Request (pidgin)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/06/27/3" }, { "name": "USN-675-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "name": "32859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32859" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://crisp.cs.du.edu/?q=ca2007-1" }, { "name": "RHSA-2008:1023", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1023.html" } ], "title": "CVE Program Container" } ], "cna": { 
"affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "MDVSA-2009:025", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:025" }, { "name": "29985", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29985" }, { "name": "oval:org.mitre.oval:def:9076", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9076" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm" }, { "name": "33102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33102" }, { "name": "oval:org.mitre.oval:def:17599", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17599" }, { "name": "[oss-security] 20080627 CVE Request (pidgin)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/06/27/3" }, { "name": "USN-675-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "name": "32859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/32859" }, { "tags": [ "x_refsource_MISC" ], "url": "http://crisp.cs.du.edu/?q=ca2007-1" }, { "name": "RHSA-2008:1023", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1023.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-2957", "datePublished": "2008-07-01T22:00:00", "dateReserved": "2008-07-01T00:00:00", "dateUpdated": "2024-08-07T09:21:34.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1374
Vulnerability from cvelistv5
Published
2009-05-26 15:16
Modified
2024-08-07 05:13
Summary
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.177Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2009-5597", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" }, { "name": "pidgin-decryptout-bo(50684)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50684" }, { "name": "RHSA-2009:1060", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "name": "GLSA-200905-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "name": "35067", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35067" }, { "name": "FEDORA-2009-5583", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "name": "35329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35329" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=30" }, { "name": "USN-781-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "name": "oval:org.mitre.oval:def:11654", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11654" }, { "name": "35294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35294" }, { "name": "35188", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35188" }, { "name": "35194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35194" }, { "name": "FEDORA-2009-5552", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "name": "35202", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35202" }, { "name": "ADV-2009-1396", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "name": "oval:org.mitre.oval:def:18201", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18201" }, { "name": "MDVSA-2009:173", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500490" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-05-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2009-5597", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" }, { "name": "pidgin-decryptout-bo(50684)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50684" }, { "name": "RHSA-2009:1060", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "name": "GLSA-200905-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "name": "35067", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35067" }, { "name": "FEDORA-2009-5583", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "name": "35329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35329" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=30" }, { "name": "USN-781-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "name": "oval:org.mitre.oval:def:11654", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11654" }, { "name": "35294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35294" }, { "name": "35188", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35188" }, { "name": "35194", 
"tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35194" }, { "name": "FEDORA-2009-5552", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "name": "35202", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35202" }, { "name": "ADV-2009-1396", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "name": "oval:org.mitre.oval:def:18201", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18201" }, { "name": "MDVSA-2009:173", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500490" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1374", "datePublished": "2009-05-26T15:16:00", "dateReserved": "2009-04-23T00:00:00", "dateUpdated": "2024-08-07T05:13:25.177Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3185
Vulnerability from cvelistv5
Published
2011-08-29 17:00
Modified
2024-08-06 23:22
Summary
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:22:27.751Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "pidgin-uri-code-execution(69342)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69342" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/10" }, { "name": "20110822 Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/519391/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/5749f9193063800d27bef75c2388f6f9cc2f7f37" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=55" }, { "name": "45663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45663" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/7" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/12" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.insomniasec.com/advisories/ISVA-110822.1.htm" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://developer.pidgin.im/viewmtn/revision/diff/29484df15413fe3bbd21bbfcef26a55362055a81/with/5749f9193063800d27bef75c2388f6f9cc2f7f37/pidgin/gtkutils.c" }, { "name": "49268", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49268" }, { "name": "oval:org.mitre.oval:def:18324", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18324" }, { "name": "1025961", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025961" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-08-20T00:00:00", "descriptions": [ { "lang": "en", "value": "gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "pidgin-uri-code-execution(69342)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69342" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/10" }, { "name": "20110822 Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/519391/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/5749f9193063800d27bef75c2388f6f9cc2f7f37" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=55" }, { "name": "45663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45663" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/7" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/12" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.insomniasec.com/advisories/ISVA-110822.1.htm" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://developer.pidgin.im/viewmtn/revision/diff/29484df15413fe3bbd21bbfcef26a55362055a81/with/5749f9193063800d27bef75c2388f6f9cc2f7f37/pidgin/gtkutils.c" }, { "name": "49268", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49268" }, { "name": "oval:org.mitre.oval:def:18324", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18324" }, { "name": "1025961", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025961" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3185", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "pidgin-uri-code-execution(69342)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69342" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/10" }, { "name": "20110822 Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/519391/100/0/threaded" }, { "name": "http://developer.pidgin.im/viewmtn/revision/info/5749f9193063800d27bef75c2388f6f9cc2f7f37", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/info/5749f9193063800d27bef75c2388f6f9cc2f7f37" }, { "name": "http://pidgin.im/news/security/?id=55", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=55" }, { "name": "45663", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45663" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/7" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/" }, { "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/12" }, { "name": "http://www.insomniasec.com/advisories/ISVA-110822.1.htm", "refsource": "MISC", "url": "http://www.insomniasec.com/advisories/ISVA-110822.1.htm" }, { "name": "http://developer.pidgin.im/viewmtn/revision/diff/29484df15413fe3bbd21bbfcef26a55362055a81/with/5749f9193063800d27bef75c2388f6f9cc2f7f37/pidgin/gtkutils.c", "refsource": "CONFIRM", "url": 
"http://developer.pidgin.im/viewmtn/revision/diff/29484df15413fe3bbd21bbfcef26a55362055a81/with/5749f9193063800d27bef75c2388f6f9cc2f7f37/pidgin/gtkutils.c" }, { "name": "49268", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49268" }, { "name": "oval:org.mitre.oval:def:18324", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18324" }, { "name": "1025961", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025961" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3185", "datePublished": "2011-08-29T17:00:00", "dateReserved": "2011-08-19T00:00:00", "dateUpdated": "2024-08-06T23:22:27.751Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3841
Vulnerability from cvelistv5
Published
2007-07-17 22:00
Modified
2024-09-17 03:48
Summary
Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/24904 | vdb-entry, x_refsource_BID |
| http://www.wslabi.com/wabisabilabi/initPublishedBid.do? | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:28:52.518Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "24904", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24904" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-07-17T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "24904", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24904" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?" 
} ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3841", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "24904", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24904" }, { "name": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?", "refsource": "MISC", "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3841", "datePublished": "2007-07-17T22:00:00Z", "dateReserved": "2007-07-17T00:00:00Z", "dateUpdated": "2024-09-17T03:48:22.596Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4602
Vulnerability from cvelistv5
Published
2011-12-17 02:00
Modified
2024-08-07 00:09
Summary
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.
References
| URL | Tags |
|---|---|
| http://www.redhat.com/support/errata/RHSA-2011-1820.html | vendor-advisory, x_refsource_REDHAT |
| https://hermes.opensuse.org/messages/13195955 | vendor-advisory, x_refsource_SUSE |
| http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6 | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420 | vdb-entry, signature, x_refsource_OVAL |
| http://pidgin.im/news/security/?id=58 | x_refsource_CONFIRM |
| http://secunia.com/advisories/47219 | third-party-advisory, x_refsource_SECUNIA |
| http://www.redhat.com/support/errata/RHSA-2011-1821.html | vendor-advisory, x_refsource_REDHAT |
| http://secunia.com/advisories/47234 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:19.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2011:1820", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" }, { "name": "openSUSE-SU-2012:0066", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/13195955" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6" }, { "name": "oval:org.mitre.oval:def:18420", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=58" }, { "name": "47219", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47219" }, { "name": "RHSA-2011:1821", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html" }, { "name": "47234", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47234" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-12-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2011:1820", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" }, { "name": "openSUSE-SU-2012:0066", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/13195955" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6" }, { "name": "oval:org.mitre.oval:def:18420", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=58" }, { "name": "47219", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47219" }, { "name": "RHSA-2011:1821", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html" }, { "name": "47234", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47234" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4602", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows 
remote attackers to cause a denial of service (application crash) via a crafted message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2011:1820", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" }, { "name": "openSUSE-SU-2012:0066", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/13195955" }, { "name": "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6" }, { "name": "oval:org.mitre.oval:def:18420", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420" }, { "name": "http://pidgin.im/news/security/?id=58", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=58" }, { "name": "47219", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47219" }, { "name": "RHSA-2011:1821", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html" }, { "name": "47234", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47234" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4602", "datePublished": "2011-12-17T02:00:00", "dateReserved": "2011-11-29T00:00:00", "dateUpdated": "2024-08-07T00:09:19.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0013
Vulnerability from cvelistv5
Published
2010-01-09 18:00
Modified
2024-08-07 00:37
Summary
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:37:52.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20100102 CVE request - pidgin MSN arbitrary file upload", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/02/1" }, { "name": "37953", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37953" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552483" }, { "name": "277450", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1" }, { "name": "37954", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37954" }, { "name": "MDVSA-2010:085", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "name": "[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/07/1" }, { "name": "oval:org.mitre.oval:def:17620", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620" }, { "name": "1022203", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1" }, { "name": "ADV-2009-3663", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" 
], "url": "http://www.vupen.com/english/advisories/2009/3663" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c" }, { "name": "FEDORA-2010-0368", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html" }, { "name": "FEDORA-2010-0429", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html" }, { "name": "ADV-2010-1020", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "name": "SUSE-SR:2010:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "name": "oval:org.mitre.oval:def:10333", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f" }, { "name": "ADV-2009-3662", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3662" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810" }, { "name": "[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"http://www.openwall.com/lists/oss-security/2010/01/07/2" }, { "name": "37961", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37961" }, { "name": "38915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38915" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20100102 CVE request - pidgin MSN arbitrary file upload", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/02/1" }, { "name": "37953", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37953" }, { "tags": [ "x_refsource_MISC" ], "url": "http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552483" }, { "name": "277450", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1" }, { "name": "37954", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37954" }, { "name": "MDVSA-2010:085", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "name": "[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/07/1" }, { "name": "oval:org.mitre.oval:def:17620", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620" }, { "name": "1022203", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1" }, { "name": "ADV-2009-3663", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3663" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c" }, { "name": "FEDORA-2010-0368", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html" }, { "name": "FEDORA-2010-0429", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html" }, { "name": "ADV-2010-1020", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "name": "SUSE-SR:2010:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "name": "oval:org.mitre.oval:def:10333", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333" }, { "tags": [ "x_refsource_MISC" ], "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f" }, { "name": "ADV-2009-3662", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3662" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810" }, { "name": "[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/07/2" }, { "name": "37961", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37961" }, { "name": "38915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38915" } ] } 
}, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0013", "datePublished": "2010-01-09T18:00:00", "dateReserved": "2009-12-14T00:00:00", "dateUpdated": "2024-08-07T00:37:52.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3594
Vulnerability from cvelistv5
Published
2011-11-04 21:00
Modified
2024-08-06 23:37
Summary
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
References
▼ | URL | Tags |
---|---|---|
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034 | vdb-entry, signature, x_refsource_OVAL | |
http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=743481 | x_refsource_MISC | |
http://www.mandriva.com/security/advisories?name=MDVSA-2011:183 | vendor-advisory, x_refsource_MANDRIVA | |
http://secunia.com/advisories/46376 | third-party-advisory, x_refsource_SECUNIA | |
http://developer.pidgin.im/ticket/14636 | x_refsource_CONFIRM | |
http://www.redhat.com/support/errata/RHSA-2011-1371.html | vendor-advisory, x_refsource_REDHAT | |
http://pidgin.im/news/security/?id=56 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:37:48.393Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:18034", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481" }, { "name": "MDVSA-2011:183", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183" }, { "name": "46376", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46376" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/ticket/14636" }, { "name": "RHSA-2011:1371", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=56" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-10-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions 
of glib2." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "oval:org.mitre.oval:def:18034", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034" }, { "tags": [ "x_refsource_MISC" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481" }, { "name": "MDVSA-2011:183", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183" }, { "name": "46376", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46376" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/ticket/14636" }, { "name": "RHSA-2011:1371", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=56" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3594", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a 
denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:18034", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034" }, { "name": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8", "refsource": "MISC", "url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=743481", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481" }, { "name": "MDVSA-2011:183", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183" }, { "name": "46376", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46376" }, { "name": "http://developer.pidgin.im/ticket/14636", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/ticket/14636" }, { "name": "RHSA-2011:1371", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html" }, { "name": "http://pidgin.im/news/security/?id=56", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=56" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3594", "datePublished": "2011-11-04T21:00:00", "dateReserved": "2011-09-21T00:00:00", "dateUpdated": "2024-08-06T23:37:48.393Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26491
Vulnerability from cvelistv5
Published
2022-05-31 04:25
Modified
2024-08-03 05:03
Summary
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968.
References
▼ | URL | Tags |
---|---|---|
https://mail.jabber.org/pipermail/standards/2022-February/038759.html | x_refsource_MISC | |
https://github.com/xsf/xeps/pull/1158 | x_refsource_MISC | |
https://developer.pidgin.im/wiki/FullChangeLog | x_refsource_MISC | |
https://pidgin.im/about/security/advisories/cve-2022-26491/ | x_refsource_MISC | |
https://keep.imfreedom.org/pidgin/pidgin/rev/13cdb7956bdc | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2022/06/msg00005.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:03:32.770Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://mail.jabber.org/pipermail/standards/2022-February/038759.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xsf/xeps/pull/1158" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://developer.pidgin.im/wiki/FullChangeLog" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://pidgin.im/about/security/advisories/cve-2022-26491/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://keep.imfreedom.org/pidgin/pidgin/rev/13cdb7956bdc" }, { "name": "[debian-lts-announce] 20220606 [SECURITY] [DLA 3043-1] pidgin security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00005.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-06T13:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://mail.jabber.org/pipermail/standards/2022-February/038759.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xsf/xeps/pull/1158" }, { "tags": [ "x_refsource_MISC" ], "url": "https://developer.pidgin.im/wiki/FullChangeLog" }, { "tags": [ "x_refsource_MISC" ], "url": "https://pidgin.im/about/security/advisories/cve-2022-26491/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://keep.imfreedom.org/pidgin/pidgin/rev/13cdb7956bdc" }, { "name": "[debian-lts-announce] 20220606 [SECURITY] [DLA 3043-1] pidgin security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00005.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-26491", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://mail.jabber.org/pipermail/standards/2022-February/038759.html", "refsource": "MISC", "url": "https://mail.jabber.org/pipermail/standards/2022-February/038759.html" }, { "name": "https://github.com/xsf/xeps/pull/1158", "refsource": "MISC", "url": "https://github.com/xsf/xeps/pull/1158" }, { "name": "https://developer.pidgin.im/wiki/FullChangeLog", "refsource": "MISC", "url": "https://developer.pidgin.im/wiki/FullChangeLog" }, { "name": "https://pidgin.im/about/security/advisories/cve-2022-26491/", "refsource": "MISC", "url": "https://pidgin.im/about/security/advisories/cve-2022-26491/" }, { "name": "https://keep.imfreedom.org/pidgin/pidgin/rev/13cdb7956bdc", "refsource": "MISC", "url": "https://keep.imfreedom.org/pidgin/pidgin/rev/13cdb7956bdc" }, { "name": "[debian-lts-announce] 20220606 [SECURITY] [DLA 3043-1] pidgin security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00005.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-26491", "datePublished": "2022-05-31T04:25:23", "dateReserved": "2022-03-06T00:00:00", "dateUpdated": "2024-08-03T05:03:32.770Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6489
Vulnerability from cvelistv5
Published
2014-02-06 16:00
Modified
2024-08-06 17:46
Summary
Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow.
References
▼ | URL | Tags |
---|---|---|
http://www.pidgin.im/news/security/?id=83 | x_refsource_CONFIRM | |
https://rhn.redhat.com/errata/RHSA-2014-0139.html | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2014/dsa-2859 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securityfocus.com/bid/65192 | vdb-entry, x_refsource_BID | |
http://www.ubuntu.com/usn/USN-2100-1 | vendor-advisory, x_refsource_UBUNTU | |
http://hg.pidgin.im/pidgin/main/rev/4c897372b5a4 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:46:22.276Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=83" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "65192", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65192" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/4c897372b5a4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-05T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=83" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "65192", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65192" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://hg.pidgin.im/pidgin/main/rev/4c897372b5a4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6489", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.pidgin.im/news/security/?id=83", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=83" }, { "name": "RHSA-2014:0139", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "65192", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65192" }, { "name": "USN-2100-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/4c897372b5a4", "refsource": "MISC", "url": "http://hg.pidgin.im/pidgin/main/rev/4c897372b5a4" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6489", "datePublished": "2014-02-06T16:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:46:22.276Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6477
Vulnerability from cvelistv5
Published
2014-02-06 15:00
Modified
2024-08-06 17:39
Summary
Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message.
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html | vendor-advisory, x_refsource_SUSE | |
https://rhn.redhat.com/errata/RHSA-2014-0139.html | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2014/dsa-2859 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html | vendor-advisory, x_refsource_SUSE | |
http://pidgin.im/news/security/?id=71 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-2100-1 | vendor-advisory, x_refsource_UBUNTU | |
http://hg.pidgin.im/pidgin/main/rev/852014ae74a0 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.763Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=71" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/852014ae74a0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-07T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=71" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/852014ae74a0" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6477", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0326", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "http://pidgin.im/news/security/?id=71", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=71" }, { "name": "USN-2100-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/852014ae74a0", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/852014ae74a0" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6477", "datePublished": "2014-02-06T15:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2955
Vulnerability from cvelistv5
Published
2008-07-01 22:00
Modified
2024-08-07 09:21
Summary
Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:21:34.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2008-1947", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1947" }, { "name": "3966", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3966" }, { "name": "oval:org.mitre.oval:def:18050", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18050" }, { "name": "MDVSA-2009:025", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:025" }, { "name": "29985", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29985" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm" }, { "name": "33102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33102" }, { "name": "20080626 Pidgin 2.4.1 Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/493682/100/0/threaded" }, { "name": "USN-675-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "name": "32859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32859" }, { "name": "oval:org.mitre.oval:def:10131", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10131" }, { "name": "30881", 
"tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30881" }, { "name": "RHSA-2008:1023", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1023.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-06-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2008-1947", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1947" }, { "name": "3966", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3966" }, { "name": "oval:org.mitre.oval:def:18050", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18050" }, { "name": "MDVSA-2009:025", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:025" }, { "name": "29985", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29985" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm" }, { "name": "33102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/33102" }, { "name": "20080626 Pidgin 2.4.1 Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/493682/100/0/threaded" }, { "name": "USN-675-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "name": "32859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32859" }, { "name": "oval:org.mitre.oval:def:10131", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10131" }, { "name": "30881", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30881" }, { "name": "RHSA-2008:1023", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1023.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-2955", "datePublished": "2008-07-01T22:00:00", "dateReserved": "2008-07-01T00:00:00", "dateUpdated": "2024-08-07T09:21:34.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6479
Vulnerability from cvelistv5
Published
2014-02-06 15:00
Modified
2024-08-06 17:39
Summary
util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response.
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html | vendor-advisory, x_refsource_SUSE | |
https://rhn.redhat.com/errata/RHSA-2014-0139.html | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2014/dsa-2859 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html | vendor-advisory, x_refsource_SUSE | |
http://www.ubuntu.com/usn/USN-2100-1 | vendor-advisory, x_refsource_UBUNTU | |
http://pidgin.im/news/security/?id=73 | x_refsource_CONFIRM | |
http://hg.pidgin.im/pidgin/main/rev/cd529e1158d3 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.616Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=73" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/cd529e1158d3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-21T00:00:00", "descriptions": [ { "lang": "en", "value": "util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-07T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=73" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/cd529e1158d3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6479", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0326", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "USN-2100-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "name": "http://pidgin.im/news/security/?id=73", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=73" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/cd529e1158d3", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/cd529e1158d3" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6479", "datePublished": "2014-02-06T15:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.616Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2378
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, which may in turn corrupt memory. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability.
References
▼ | URL | Tags |
---|---|---|
http://www.pidgin.im/news/security/?id=94 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID | |
http://www.talosintelligence.com/reports/TALOS-2016-0120/ | x_refsource_MISC | |
http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.298Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=94" }, { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0120/" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "buffer overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=94" }, { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0120/" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2378", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "buffer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.pidgin.im/news/security/?id=94", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=94" }, { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0120/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0120/" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2378", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.298Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2373
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability.
References
▼ | URL | Tags |
---|---|---|
http://www.talosintelligence.com/reports/TALOS-2016-0141/ | x_refsource_MISC | |
http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.pidgin.im/news/security/?id=106 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.266Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0141/" }, { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "out-of-bounds read", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0141/" }, { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2373", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "out-of-bounds read" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0141/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0141/" }, { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "name": "http://www.pidgin.im/news/security/?id=106", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=106" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2373", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.266Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3615
Vulnerability from cvelistv5
Published
2009-10-20 17:00
Modified
2024-08-07 06:31
Severity ?
EPSS score ?
Summary
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:10.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-2949", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2949" }, { "name": "37017", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37017" }, { "name": "oval:org.mitre.oval:def:18388", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18388" }, { "name": "oval:org.mitre.oval:def:9414", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9414" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/781682333aea0c801d280c3507ee25552a60bfc0" }, { "name": "MDVSA-2010:085", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/ticket/10481" }, { "name": "pidgin-oscar-protocol-dos(53807)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53807" }, { "name": "ADV-2009-2951", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2951" }, { "name": "ADV-2010-1020", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=41" }, { "name": "36719", "tags": [ "vdb-entry", 
"x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36719" }, { "name": "37072", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37072" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2009-2949", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2949" }, { "name": "37017", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37017" }, { "name": "oval:org.mitre.oval:def:18388", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18388" }, { "name": "oval:org.mitre.oval:def:9414", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9414" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/781682333aea0c801d280c3507ee25552a60bfc0" }, { "name": "MDVSA-2010:085", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], 
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/ticket/10481" }, { "name": "pidgin-oscar-protocol-dos(53807)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53807" }, { "name": "ADV-2009-2951", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2951" }, { "name": "ADV-2010-1020", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=41" }, { "name": "36719", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36719" }, { "name": "37072", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37072" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3615", "datePublished": "2009-10-20T17:00:00", "dateReserved": "2009-10-09T00:00:00", "dateUpdated": "2024-08-07T06:31:10.699Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2694
Vulnerability from cvelistv5
Published
2009-08-20 22:00
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:59:56.847Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957" }, { "name": "ADV-2009-2303", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2303" }, { "name": "36392", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36392" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=34" }, { "name": "oval:org.mitre.oval:def:6320", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write" }, { "name": "36402", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36402" }, { "name": "266908", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e" }, { "name": "36384", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36384" }, { "name": "DSA-1870", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1870" }, { "name": "37071", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37071" }, { "name": "36708", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36708" }, { "name": "ADV-2009-2663", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2663" }, { "name": "oval:org.mitre.oval:def:10319", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319" }, { "name": "36401", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36401" }, { "name": "9615", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/9615" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" }, { "name": "RHSA-2009:1218", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-18T00:00:00", "descriptions": [ { "lang": "en", "value": "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957" }, { "name": "ADV-2009-2303", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2303" }, { "name": "36392", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36392" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=34" }, { "name": "oval:org.mitre.oval:def:6320", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write" }, { "name": "36402", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36402" }, { "name": "266908", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e" }, { "name": "36384", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36384" }, { "name": "DSA-1870", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1870" }, { "name": "37071", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37071" }, { "name": "36708", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36708" }, { "name": "ADV-2009-2663", "tags": [ "vdb-entry", 
"x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2663" }, { "name": "oval:org.mitre.oval:def:10319", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319" }, { "name": "36401", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36401" }, { "name": "9615", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/9615" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" }, { "name": "RHSA-2009:1218", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2694", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=514957", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957" }, { "name": "ADV-2009-2303", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2303" }, { "name": "36392", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36392" }, { "name": "http://www.pidgin.im/news/security/?id=34", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=34" }, { "name": "oval:org.mitre.oval:def:6320", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320" }, { "name": "http://www.coresecurity.com/content/libpurple-arbitrary-write", "refsource": "MISC", "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write" }, { "name": "36402", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36402" }, { "name": "266908", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1" }, { "name": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e" }, { "name": "36384", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36384" }, { "name": "DSA-1870", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1870" }, { "name": "37071", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37071" }, { "name": "36708", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36708" }, { "name": "ADV-2009-2663", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2663" }, { "name": "oval:org.mitre.oval:def:10319", "refsource": "OVAL", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319" }, { "name": "36401", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36401" }, { "name": "9615", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9615" }, { "name": "http://developer.pidgin.im/wiki/ChangeLog", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/wiki/ChangeLog" }, { "name": "RHSA-2009:1218", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2694", "datePublished": "2009-08-20T22:00:00", "dateReserved": "2009-08-05T00:00:00", "dateUpdated": "2024-08-07T05:59:56.847Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0277
Vulnerability from cvelistv5
Published
2010-01-09 18:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:45:11.716Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2010-1279", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html" }, { "name": "38294", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38294" }, { "name": "RHSA-2010:0115", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0115.html" }, { "name": "ADV-2010-0413", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0413" }, { "name": "38563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38563" }, { "name": "MDVSA-2010:085", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "name": "USN-902-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-902-1" }, { "name": "oval:org.mitre.oval:def:9421", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9421" }, { "name": "38640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38640" }, { "name": "38658", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38658" }, { "name": "41868", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41868" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=554335" }, { "name": "FEDORA-2010-1934", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html" }, { "name": "ADV-2010-1020", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "name": "SUSE-SR:2010:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "name": "FEDORA-2010-1383", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html" }, { "name": "38712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38712" }, { "name": "oval:org.mitre.oval:def:18348", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18348" }, { "name": "ADV-2010-2693", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2693" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=43" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blogs.sun.com/security/entry/cve_2010_0277_malformed_msn" }, { "name": "[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/07/2" }, { "name": "MDVSA-2010:041", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:041" }, { "name": "38915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38915" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-07T00:00:00", "descriptions": [ { "lang": "en", "value": "slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FEDORA-2010-1279", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html" }, { "name": "38294", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38294" }, { "name": "RHSA-2010:0115", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0115.html" }, { "name": "ADV-2010-0413", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0413" }, { "name": "38563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38563" }, { "name": "MDVSA-2010:085", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "name": "USN-902-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-902-1" }, { "name": "oval:org.mitre.oval:def:9421", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9421" }, { "name": "38640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38640" }, { "name": "38658", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38658" }, { "name": "41868", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41868" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554335" }, { "name": "FEDORA-2010-1934", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html" }, { "name": "ADV-2010-1020", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "name": "SUSE-SR:2010:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "name": "FEDORA-2010-1383", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html" }, { "name": "38712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38712" }, { "name": "oval:org.mitre.oval:def:18348", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18348" }, { "name": "ADV-2010-2693", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2693" 
}, { "tags": [ "x_refsource_MISC" ], "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=43" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blogs.sun.com/security/entry/cve_2010_0277_malformed_msn" }, { "name": "[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/07/2" }, { "name": "MDVSA-2010:041", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:041" }, { "name": "38915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38915" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0277", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2010-1279", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html" }, { "name": "38294", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38294" }, { "name": "RHSA-2010:0115", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2010-0115.html" }, { "name": "ADV-2010-0413", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0413" }, { "name": "38563", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38563" }, { "name": "MDVSA-2010:085", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "name": "USN-902-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-902-1" }, { "name": "oval:org.mitre.oval:def:9421", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9421" }, { "name": "38640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38640" }, { "name": "38658", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38658" }, { "name": "41868", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41868" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=554335", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554335" }, { "name": "FEDORA-2010-1934", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html" }, { "name": "ADV-2010-1020", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "name": "SUSE-SR:2010:006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "name": "FEDORA-2010-1383", "refsource": "FEDORA", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html" }, { "name": "38712", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38712" }, { "name": "oval:org.mitre.oval:def:18348", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18348" }, { "name": "ADV-2010-2693", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2693" }, { "name": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html", "refsource": "MISC", "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html" }, { "name": "http://pidgin.im/news/security/?id=43", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=43" }, { "name": "http://blogs.sun.com/security/entry/cve_2010_0277_malformed_msn", "refsource": "CONFIRM", "url": "http://blogs.sun.com/security/entry/cve_2010_0277_malformed_msn" }, { "name": "[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/01/07/2" }, { "name": "MDVSA-2010:041", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:041" }, { "name": "38915", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38915" }, { "name": "http://developer.pidgin.im/wiki/ChangeLog", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/wiki/ChangeLog" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0277", "datePublished": "2010-01-09T18:00:00", "dateReserved": "2010-01-09T00:00:00", "dateUpdated": "2024-08-07T00:45:11.716Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1624
Vulnerability from cvelistv5
Published
2010-05-14 19:24
Modified
2024-08-07 01:28
Summary
The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:28:42.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2010:0788", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0788.html" }, { "name": "40138", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/40138" }, { "name": "MDVSA-2010:097", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:097" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=589973" }, { "name": "39801", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39801" }, { "name": "USN-1014-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1014-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b" }, { "name": "ADV-2010-1141", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1141" }, { "name": "pidgin-slp-packets-dos(58559)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58559" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/index.php?id=46" }, { "name": "oval:org.mitre.oval:def:18547", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18547" }, { "name": "41899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/41899" }, { "name": "ADV-2010-2755", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2755" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-05-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2010:0788", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0788.html" }, { "name": "40138", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/40138" }, { "name": "MDVSA-2010:097", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:097" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=589973" }, { "name": "39801", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39801" }, { "name": "USN-1014-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1014-1" }, { "tags": [ "x_refsource_CONFIRM" 
], "url": "http://developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b" }, { "name": "ADV-2010-1141", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1141" }, { "name": "pidgin-slp-packets-dos(58559)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58559" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/index.php?id=46" }, { "name": "oval:org.mitre.oval:def:18547", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18547" }, { "name": "41899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41899" }, { "name": "ADV-2010-2755", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2755" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1624", "datePublished": "2010-05-14T19:24:00", "dateReserved": "2010-04-29T00:00:00", "dateUpdated": "2024-08-07T01:28:42.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3085
Vulnerability from cvelistv5
Published
2009-09-08 18:00
Modified
2024-08-07 06:14
Summary
The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/36601 | third-party-advisory, x_refsource_SECUNIA |
| http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8 | x_refsource_CONFIRM |
| http://www.pidgin.im/news/security/index.php?id=37 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/36277 | vdb-entry, x_refsource_BID |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434 | vdb-entry, signature, x_refsource_OVAL |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223 | vdb-entry, signature, x_refsource_OVAL |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:14:56.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "36601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36601" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/index.php?id=37" }, { "name": "36277", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36277" }, { "name": "oval:org.mitre.oval:def:6434", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434" }, { "name": "oval:org.mitre.oval:def:11223", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "36601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36601" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/index.php?id=37" }, { "name": "36277", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36277" }, { "name": "oval:org.mitre.oval:def:6434", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434" }, { "name": "oval:org.mitre.oval:def:11223", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3085", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "36601", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36601" }, { "name": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8" }, { "name": "http://www.pidgin.im/news/security/index.php?id=37", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/index.php?id=37" }, { "name": "36277", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36277" }, { "name": "oval:org.mitre.oval:def:6434", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434" }, { "name": "oval:org.mitre.oval:def:11223", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3085", "datePublished": "2009-09-08T18:00:00", "dateReserved": "2009-09-08T00:00:00", "dateUpdated": "2024-08-07T06:14:56.096Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2367
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Summary
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar, which will trigger an out-of-bounds read vulnerability. This could result in a denial of service, or in data being copied from memory to the file, resulting in an information leak if the avatar is sent to another user.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID |
| http://www.pidgin.im/news/security/?id=100 | x_refsource_CONFIRM |
| http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN |
| https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO |
| http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU |
| http://www.talosintelligence.com/reports/TALOS-2016-0135/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.148Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=100" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0135/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user." 
} ], "problemTypes": [ { "descriptions": [ { "description": "out-of-bounds read", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=100" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0135/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2367", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "out-of-bounds read" } ] } ] }, "references": { "reference_data": [ { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "http://www.pidgin.im/news/security/?id=100", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=100" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0135/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0135/" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2367", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.148Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1376
Vulnerability from cvelistv5
Published
2009-05-26 15:16
Modified
2024-08-07 05:13
Summary
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.437Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2009-5597", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" }, { "name": "oval:org.mitre.oval:def:10476", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10476" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=32" }, { "name": "RHSA-2009:1060", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "name": "USN-781-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-781-2" }, { "name": "RHSA-2009:1059", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1059.html" }, { "name": "GLSA-200905-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "name": "35067", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35067" }, { "name": "FEDORA-2009-5583", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "name": "35329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35329" }, { "name": "USN-781-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "name": "oval:org.mitre.oval:def:18432", 
"tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18432" }, { "name": "37071", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37071" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500493" }, { "name": "DSA-1805", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://debian.org/security/2009/dsa-1805" }, { "name": "MDVSA-2009:140", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:140" }, { "name": "35294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35294" }, { "name": "35188", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35188" }, { "name": "35194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35194" }, { "name": "FEDORA-2009-5552", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "name": "35202", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35202" }, { "name": "pidgin-msn-slp-bo(50680)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50680" }, { "name": "35215", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35215" }, { "name": "ADV-2009-1396", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "name": 
"35330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35330" }, { "name": "MDVSA-2009:173", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-05-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2009-5597", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" }, { "name": "oval:org.mitre.oval:def:10476", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10476" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=32" }, { "name": "RHSA-2009:1060", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "name": "USN-781-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-781-2" 
}, { "name": "RHSA-2009:1059", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1059.html" }, { "name": "GLSA-200905-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "name": "35067", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35067" }, { "name": "FEDORA-2009-5583", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "name": "35329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35329" }, { "name": "USN-781-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "name": "oval:org.mitre.oval:def:18432", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18432" }, { "name": "37071", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37071" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500493" }, { "name": "DSA-1805", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://debian.org/security/2009/dsa-1805" }, { "name": "MDVSA-2009:140", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:140" }, { "name": "35294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35294" }, { "name": "35188", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35188" }, { "name": "35194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35194" }, { "name": "FEDORA-2009-5552", "tags": [ "vendor-advisory", 
"x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "name": "35202", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35202" }, { "name": "pidgin-msn-slp-bo(50680)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50680" }, { "name": "35215", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35215" }, { "name": "ADV-2009-1396", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "name": "35330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35330" }, { "name": "MDVSA-2009:173", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1376", "datePublished": "2009-05-26T15:16:00", "dateReserved": "2009-04-23T00:00:00", "dateUpdated": "2024-08-07T05:13:25.437Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2368
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Summary
Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID | |
http://www.pidgin.im/news/security/?id=101 | x_refsource_CONFIRM | |
http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN | |
http://www.talosintelligence.com/reports/TALOS-2016-0136/ | x_refsource_MISC | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=101" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0136/" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "buffer overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=101" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0136/" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2368", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "buffer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "http://www.pidgin.im/news/security/?id=101", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=101" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0136/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0136/" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2368", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2927
Vulnerability from cvelistv5
Published
2008-07-07 23:00
Modified
2024-08-07 09:21
Summary
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:21:34.398Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-675-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-675-2" }, { "name": "[oss-security] 20080703 Re: Re: CVE Request (pidgin)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/07/04/1" }, { "name": "RHSA-2008:0584", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0584.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c" }, { "name": "32861", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32861" }, { "name": "1020451", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020451" }, { "name": "30971", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30971" }, { "name": "oval:org.mitre.oval:def:11695", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c" }, { "name": "29956", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29956" }, { "name": "MDVSA-2008:143", "tags": [ 
"vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:143" }, { "name": "oval:org.mitre.oval:def:17972", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-2647" }, { "name": "MDVSA-2009:127", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:127" }, { "name": "[oss-security] 20080704 Re: Re: CVE Request (pidgin)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/07/03/6" }, { "name": "31105", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31105" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=25" }, { "name": "USN-675-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-054" }, { "name": "31642", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31642" }, { "name": "32859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32859" }, { "name": "31387", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31387" }, { "name": "DSA-1610", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], 
"url": "http://www.debian.org/security/2008/dsa-1610" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=453764" }, { "name": "31016", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31016" }, { "name": "20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/495818/100/0/threaded" }, { "name": "adium-msnprotocol-code-execution(44774)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44774" }, { "name": "ADV-2008-2032", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2032/references" }, { "name": "20080625 Pidgin 2.4.1 Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/493682" }, { "name": "20080806 rPSA-2008-0246-1 gaim", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-675-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-675-2" }, { "name": "[oss-security] 20080703 Re: Re: CVE Request (pidgin)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/07/04/1" }, { "name": "RHSA-2008:0584", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0584.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c" }, { "name": "32861", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32861" }, { "name": "1020451", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020451" }, { "name": "30971", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30971" }, { "name": "oval:org.mitre.oval:def:11695", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c" }, { "name": "29956", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29956" }, { "name": "MDVSA-2008:143", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2008:143" }, { "name": "oval:org.mitre.oval:def:17972", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-2647" }, { "name": "MDVSA-2009:127", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:127" }, { "name": "[oss-security] 20080704 Re: Re: CVE Request (pidgin)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/07/03/6" }, { "name": "31105", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31105" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=25" }, { "name": "USN-675-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-054" }, { "name": "31642", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31642" }, { "name": "32859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32859" }, { "name": "31387", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31387" }, { "name": "DSA-1610", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1610" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=453764" }, { "name": "31016", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31016" }, { "name": 
"20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/495818/100/0/threaded" }, { "name": "adium-msnprotocol-code-execution(44774)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44774" }, { "name": "ADV-2008-2032", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2032/references" }, { "name": "20080625 Pidgin 2.4.1 Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/493682" }, { "name": "20080806 rPSA-2008-0246-1 gaim", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-2927", "datePublished": "2008-07-07T23:00:00", "dateReserved": "2008-06-30T00:00:00", "dateUpdated": "2024-08-07T09:21:34.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6487
Vulnerability from cvelistv5
Published
2014-02-06 16:00
Modified
2024-08-06 17:39
Summary
Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.632Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0074.html" }, { "name": "GLSA-201508-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201508-02" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "USN-2101-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2101-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/ec15aa187aa0" }, { "name": "FEDORA-2014-2391", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128277.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://vrt-blog.snort.org/2014/01/vrt-2013-1001-cve-2013-6487-buffer.html" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "DSA-2852", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2852" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" 
}, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=82" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://libgadu.net/releases/1.11.3.html" }, { "name": "MDVSA-2014:039", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:039" }, { "name": "65188", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65188" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-20T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0074.html" }, { "name": "GLSA-201508-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201508-02" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "USN-2101-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2101-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://hg.pidgin.im/pidgin/main/rev/ec15aa187aa0" }, { "name": "FEDORA-2014-2391", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128277.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "tags": [ "x_refsource_MISC" ], "url": "http://vrt-blog.snort.org/2014/01/vrt-2013-1001-cve-2013-6487-buffer.html" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "DSA-2852", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2852" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=82" }, { "tags": [ "x_refsource_MISC" ], "url": "http://libgadu.net/releases/1.11.3.html" }, { "name": "MDVSA-2014:039", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:039" }, { "name": "65188", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65188" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6487", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length 
value, which triggers a buffer overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0326", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "http://advisories.mageia.org/MGASA-2014-0074.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0074.html" }, { "name": "GLSA-201508-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201508-02" }, { "name": "RHSA-2014:0139", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "USN-2101-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2101-1" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/ec15aa187aa0", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/ec15aa187aa0" }, { "name": "FEDORA-2014-2391", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128277.html" }, { "name": "DSA-2859", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "http://vrt-blog.snort.org/2014/01/vrt-2013-1001-cve-2013-6487-buffer.html", "refsource": "MISC", "url": "http://vrt-blog.snort.org/2014/01/vrt-2013-1001-cve-2013-6487-buffer.html" }, { "name": "openSUSE-SU-2014:0239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "DSA-2852", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2852" }, { "name": "USN-2100-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "name": "http://www.pidgin.im/news/security/?id=82", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=82" }, { "name": "http://libgadu.net/releases/1.11.3.html", "refsource": "MISC", "url": "http://libgadu.net/releases/1.11.3.html" }, { "name": "MDVSA-2014:039", 
"refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:039" }, { "name": "65188", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65188" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6487", "datePublished": "2014-02-06T16:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.632Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4999
Vulnerability from cvelistv5
Published
2007-10-29 22:00
Modified
2024-08-07 15:17
Summary
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/26205 | vdb-entry, x_refsource_BID | |
http://www.pidgin.im/news/security/?id=24 | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2007/3624 | vdb-entry, x_refsource_VUPEN | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18357 | vdb-entry, signature, x_refsource_OVAL | |
http://osvdb.org/38695 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/38132 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/27495 | third-party-advisory, x_refsource_SECUNIA | |
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00011.html | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/archive/1/483580/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/27372 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/27858 | third-party-advisory, x_refsource_SECUNIA | |
http://www.ubuntu.com/usn/usn-548-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:17:27.903Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26205", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26205" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=24" }, { "name": "ADV-2007-3624", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3624" }, { "name": "oval:org.mitre.oval:def:18357", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18357" }, { "name": "38695", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/38695" }, { "name": "pidgin-htmldata-dos(38132)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38132" }, { "name": "27495", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27495" }, { "name": "FEDORA-2007-2714", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00011.html" }, { "name": "20071112 FLEA-2007-0067-1 pidgin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/483580/100/0/threaded" }, { "name": "27372", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27372" }, { "name": "27858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27858" }, { "name": "USN-548-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": 
"http://www.ubuntu.com/usn/usn-548-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-10-24T00:00:00", "descriptions": [ { "lang": "en", "value": "libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "26205", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26205" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=24" }, { "name": "ADV-2007-3624", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3624" }, { "name": "oval:org.mitre.oval:def:18357", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18357" }, { "name": "38695", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/38695" }, { "name": "pidgin-htmldata-dos(38132)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38132" }, { "name": "27495", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27495" }, { "name": "FEDORA-2007-2714", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00011.html" }, { "name": "20071112 FLEA-2007-0067-1 pidgin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": 
"http://www.securityfocus.com/archive/1/483580/100/0/threaded" }, { "name": "27372", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27372" }, { "name": "27858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27858" }, { "name": "USN-548-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-548-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-4999", "datePublished": "2007-10-29T22:00:00", "dateReserved": "2007-09-20T00:00:00", "dateUpdated": "2024-08-07T15:17:27.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2365
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Summary
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.
References
URL | Tags | |
---|---|---|
http://www.pidgin.im/news/security/?id=98 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN | |
http://www.talosintelligence.com/reports/TALOS-2016-0133/ | x_refsource_MISC | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.076Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=98" }, { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0133/" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash." 
} ], "problemTypes": [ { "descriptions": [ { "description": "null pointer dereference", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=98" }, { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0133/" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2365", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "null pointer dereference" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.pidgin.im/news/security/?id=98", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=98" }, { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0133/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0133/" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2365", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3025
Vulnerability from cvelistv5
Published
2009-08-31 20:00
Modified
2024-08-07 06:14
Summary
Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM.
References
URL | Tags | |
---|---|---|
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6167 | vdb-entry, signature, x_refsource_OVAL | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/52994 | vdb-entry, x_refsource_XF | |
http://www.openwall.com/lists/oss-security/2009/08/19/2 | mailing-list, x_refsource_MLIST | |
http://developer.pidgin.im/wiki/ChangeLog | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:14:55.424Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:6167", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6167" }, { "name": "pidgin-unspecified-dos(52994)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52994" }, { "name": "[oss-security] 20090819 CVE Request pidgin", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/08/19/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:6167", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6167" }, { "name": "pidgin-unspecified-dos(52994)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52994" }, { "name": "[oss-security] 20090819 CVE Request pidgin", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/08/19/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3025", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:6167", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6167" }, { "name": "pidgin-unspecified-dos(52994)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52994" }, { "name": "[oss-security] 20090819 CVE Request pidgin", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/08/19/2" }, { "name": "http://developer.pidgin.im/wiki/ChangeLog", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/wiki/ChangeLog" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3025", "datePublished": "2009-08-31T20:00:00", "dateReserved": "2009-08-31T00:00:00", "dateUpdated": "2024-08-07T06:14:55.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2703
Vulnerability from cvelistv5
Published
2009-09-08 18:00
Modified
2024-08-07 05:59
Summary
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/36601 | third-party-advisory, x_refsource_SECUNIA | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435 | vdb-entry, signature, x_refsource_OVAL | |
http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3 | x_refsource_CONFIRM | |
http://www.pidgin.im/news/security/index.php?id=40 | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379 | vdb-entry, signature, x_refsource_OVAL | |
http://www.securityfocus.com/bid/36277 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:59:56.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "36601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36601" }, { "name": "oval:org.mitre.oval:def:6435", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/index.php?id=40" }, { "name": "oval:org.mitre.oval:def:11379", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379" }, { "name": "36277", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36277" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-03T00:00:00", "descriptions": [ { "lang": "en", "value": "libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "36601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36601" }, { "name": "oval:org.mitre.oval:def:6435", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/index.php?id=40" }, { "name": "oval:org.mitre.oval:def:11379", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379" }, { "name": "36277", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36277" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2703", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "36601", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36601" }, { "name": "oval:org.mitre.oval:def:6435", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435" }, { "name": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3" }, { "name": "http://www.pidgin.im/news/security/index.php?id=40", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/index.php?id=40" }, { "name": "oval:org.mitre.oval:def:11379", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379" }, { "name": "36277", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36277" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2703", "datePublished": "2009-09-08T18:00:00", "dateReserved": "2009-08-05T00:00:00", "dateUpdated": "2024-08-07T05:59:56.896Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-1178
Vulnerability from cvelistv5
Published
2012-03-15 10:00
Modified
2024-08-06 18:53
Summary
The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.
References
URL | Tags | |
---|---|---|
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18019 | vdb-entry, signature, x_refsource_OVAL | |
http://developer.pidgin.im/ticket/14884 | x_refsource_CONFIRM | |
http://pidgin.im/news/security/?id=61 | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDVSA-2012:029 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.securityfocus.com/bid/52475 | vdb-entry, x_refsource_BID | |
http://developer.pidgin.im/viewmtn/revision/info/3053d6a37cc6d8774aba7607b992a4408216adcd | x_refsource_CONFIRM | |
http://secunia.com/advisories/50005 | third-party-advisory, x_refsource_SECUNIA | |
http://rhn.redhat.com/errata/RHSA-2012-1102.html | vendor-advisory, x_refsource_REDHAT | |
http://developer.pidgin.im/viewmtn/revision/diff/60f8379d0a610538cf42e0dd9ab1436c8b9308cd/with/3053d6a37cc6d8774aba7607b992a4408216adcd/libpurple/protocols/msn/oim.c | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:53:36.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:18019", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18019" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/ticket/14884" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=61" }, { "name": "MDVSA-2012:029", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:029" }, { "name": "52475", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52475" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/3053d6a37cc6d8774aba7607b992a4408216adcd" }, { "name": "50005", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50005" }, { "name": "RHSA-2012:1102", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1102.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/60f8379d0a610538cf42e0dd9ab1436c8b9308cd/with/3053d6a37cc6d8774aba7607b992a4408216adcd/libpurple/protocols/msn/oim.c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a 
denial of service (application crash) via an OIM message that lacks UTF-8 encoding." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "oval:org.mitre.oval:def:18019", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18019" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/ticket/14884" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=61" }, { "name": "MDVSA-2012:029", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:029" }, { "name": "52475", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52475" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/3053d6a37cc6d8774aba7607b992a4408216adcd" }, { "name": "50005", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50005" }, { "name": "RHSA-2012:1102", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1102.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/60f8379d0a610538cf42e0dd9ab1436c8b9308cd/with/3053d6a37cc6d8774aba7607b992a4408216adcd/libpurple/protocols/msn/oim.c" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1178", "datePublished": "2012-03-15T10:00:00", "dateReserved": "2012-02-14T00:00:00", "dateUpdated": "2024-08-06T18:53:36.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3696
Vulnerability from cvelistv5
Published
2014-10-29 10:00
Modified
2024-08-06 10:50
Summary
nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.
References
URL | Tags | |
---|---|---|
http://pidgin.im/news/security/?id=88 | x_refsource_CONFIRM | |
http://hg.pidgin.im/pidgin/main/rev/44fd89158777 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:1854 | vendor-advisory, x_refsource_REDHAT | |
http://www.ubuntu.com/usn/USN-2390-1 | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/60741 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2014/dsa-3055 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/61968 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:18.257Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=88" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/44fd89158777" }, { "name": "RHSA-2017:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "name": "USN-2390-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "name": "openSUSE-SU-2014:1376", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "name": "60741", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60741" }, { "name": "DSA-3055", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3055" }, { "name": "openSUSE-SU-2014:1397", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "name": "61968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-22T00:00:00", "descriptions": [ { "lang": "en", "value": "nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=88" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/44fd89158777" }, { "name": "RHSA-2017:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "name": "USN-2390-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "name": "openSUSE-SU-2014:1376", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "name": "60741", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60741" }, { "name": "DSA-3055", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3055" }, { "name": "openSUSE-SU-2014:1397", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "name": "61968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3696", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial 
of service (application crash) via a crafted server message that triggers a large memory allocation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://pidgin.im/news/security/?id=88", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=88" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/44fd89158777", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/44fd89158777" }, { "name": "RHSA-2017:1854", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "name": "USN-2390-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "name": "openSUSE-SU-2014:1376", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "name": "60741", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60741" }, { "name": "DSA-3055", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3055" }, { "name": "openSUSE-SU-2014:1397", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "name": "61968", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61968" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3696", "datePublished": "2014-10-29T10:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:18.257Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4603
Vulnerability from cvelistv5
Published
2011-12-17 02:00
Modified
2024-08-07 00:09
Summary
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.
References
URL | Tags | |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2011-1820.html | vendor-advisory, x_refsource_REDHAT | |
http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/51074 | vdb-entry, x_refsource_BID | |
https://hermes.opensuse.org/messages/13195955 | vendor-advisory, x_refsource_SUSE | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303 | vdb-entry, signature, x_refsource_OVAL | |
http://www.pidgin.im/news/security/?id=59 | x_refsource_CONFIRM | |
http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c | x_refsource_CONFIRM | |
http://secunia.com/advisories/47234 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:19.402Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2011:1820", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1" }, { "name": "51074", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51074" }, { "name": "openSUSE-SU-2012:0066", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/13195955" }, { "name": "oval:org.mitre.oval:def:18303", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=59" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c" }, { "name": "47234", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47234" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-09-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) 
via a crafted message, a different vulnerability than CVE-2011-3594." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2011:1820", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1" }, { "name": "51074", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51074" }, { "name": "openSUSE-SU-2012:0066", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/13195955" }, { "name": "oval:org.mitre.oval:def:18303", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=59" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c" }, { "name": "47234", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47234" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4603", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The silc_channel_message function 
in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2011:1820", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" }, { "name": "http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1" }, { "name": "51074", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51074" }, { "name": "openSUSE-SU-2012:0066", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/13195955" }, { "name": "oval:org.mitre.oval:def:18303", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303" }, { "name": "http://www.pidgin.im/news/security/?id=59", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=59" }, { "name": "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c" }, { "name": "47234", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47234" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4603", "datePublished": "2011-12-17T02:00:00", "dateReserved": "2011-11-29T00:00:00", "dateUpdated": 
"2024-08-07T00:09:19.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2376
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Summary
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet which will trigger a buffer overflow.
References
URL | Tags | |
---|---|---|
http://www.pidgin.im/news/security/?id=92 | x_refsource_CONFIRM | |
http://www.talosintelligence.com/reports/TALOS-2016-0118/ | x_refsource_MISC | |
http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=92" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0118/" }, { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet which will trigger a buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "buffer overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=92" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0118/" }, { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2376", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet which will trigger a buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "buffer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.pidgin.im/news/security/?id=92", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=92" }, { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0118/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0118/" }, { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2376", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2377
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Summary
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vulnerability.
References
URL | Tags | |
---|---|---|
http://www.pidgin.im/news/security/?id=93 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN | |
http://www.talosintelligence.com/reports/TALOS-2016-0119/ | x_refsource_MISC | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.304Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=93" }, { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0119/" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "off-by-one write", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=93" }, { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0119/" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2377", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "off-by-one write" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.pidgin.im/news/security/?id=93", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=93" }, { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0119/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0119/" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2377", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.304Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2370
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Summary
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID | |
http://www.talosintelligence.com/reports/TALOS-2016-0138/ | x_refsource_MISC | |
http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN | |
http://www.pidgin.im/news/security/?id=103 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.283Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0138/" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=103" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "out-of-bounds read", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0138/" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=103" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2370", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "out-of-bounds read" } ] } ] }, "references": { "reference_data": [ { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0138/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0138/" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "http://www.pidgin.im/news/security/?id=103", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=103" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2370", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1373
Vulnerability from cvelistv5
Published
2009-05-26 15:16
Modified
2024-08-07 05:13
Summary
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.178Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2009-5597", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" }, { "name": "RHSA-2009:1060", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "name": "USN-781-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-781-2" }, { "name": "RHSA-2009:1059", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1059.html" }, { "name": "GLSA-200905-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "name": "oval:org.mitre.oval:def:9005", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005" }, { "name": "35067", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35067" }, { "name": "FEDORA-2009-5583", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "name": "35329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35329" }, { "name": "USN-781-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "name": "oval:org.mitre.oval:def:17722", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722" }, { "name": "DSA-1805", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://debian.org/security/2009/dsa-1805" }, { "name": "MDVSA-2009:140", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:140" }, { "name": "35294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35294" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500488" }, { "name": "35188", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35188" }, { "name": "pidgin-xmppsocks5-bo(50682)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50682" }, { "name": "35194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35194" }, { "name": "FEDORA-2009-5552", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "name": "35202", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35202" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=29" }, { "name": "35215", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35215" }, { "name": "ADV-2009-1396", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "name": "35330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/35330" }, { "name": "MDVSA-2009:173", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-05-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2009-5597", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" }, { "name": "RHSA-2009:1060", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "name": "USN-781-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-781-2" }, { "name": "RHSA-2009:1059", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1059.html" }, { "name": "GLSA-200905-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "name": "oval:org.mitre.oval:def:9005", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005" }, { "name": "35067", "tags": [ "vdb-entry", 
"x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35067" }, { "name": "FEDORA-2009-5583", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "name": "35329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35329" }, { "name": "USN-781-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "name": "oval:org.mitre.oval:def:17722", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722" }, { "name": "DSA-1805", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://debian.org/security/2009/dsa-1805" }, { "name": "MDVSA-2009:140", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:140" }, { "name": "35294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35294" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500488" }, { "name": "35188", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35188" }, { "name": "pidgin-xmppsocks5-bo(50682)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50682" }, { "name": "35194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35194" }, { "name": "FEDORA-2009-5552", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "name": "35202", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35202" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://www.pidgin.im/news/security/?id=29" }, { "name": "35215", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35215" }, { "name": "ADV-2009-1396", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "name": "35330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35330" }, { "name": "MDVSA-2009:173", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1373", "datePublished": "2009-05-26T15:16:00", "dateReserved": "2009-04-23T00:00:00", "dateUpdated": "2024-08-07T05:13:25.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3698
Vulnerability from cvelistv5
Published
2014-10-29 10:00
Modified
2024-08-06 10:50
Summary
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.
References
URL | Tags | |
---|---|---|
http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc | x_refsource_CONFIRM | |
http://pidgin.im/news/security/?id=90 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:1854 | vendor-advisory, x_refsource_REDHAT | |
http://www.ubuntu.com/usn/USN-2390-1 | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/60741 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2014/dsa-3055 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/61968 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:18.329Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=90" }, { "name": "RHSA-2017:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "name": "USN-2390-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "name": "openSUSE-SU-2014:1376", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "name": "60741", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60741" }, { "name": "DSA-3055", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3055" }, { "name": "openSUSE-SU-2014:1397", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "name": "61968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=90" }, { "name": "RHSA-2017:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "name": "USN-2390-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "name": "openSUSE-SU-2014:1376", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "name": "60741", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60741" }, { "name": "DSA-3055", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3055" }, { "name": "openSUSE-SU-2014:1397", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "name": "61968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3698", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote 
attackers to obtain sensitive information from process memory via a crafted XMPP message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc" }, { "name": "http://pidgin.im/news/security/?id=90", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=90" }, { "name": "RHSA-2017:1854", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "name": "USN-2390-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "name": "openSUSE-SU-2014:1376", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "name": "60741", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60741" }, { "name": "DSA-3055", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3055" }, { "name": "openSUSE-SU-2014:1397", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "name": "61968", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61968" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3698", "datePublished": "2014-10-29T10:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:18.329Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4528
Vulnerability from cvelistv5
Published
2011-01-07 11:00
Modified
2024-08-07 03:51
Summary
directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:51:17.019Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=665421" }, { "name": "SUSE-SR:2011:001", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "name": "[oss-security] 20101227 CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/12/27/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c" }, { "name": "[oss-security] 20101231 Re: CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/12/31/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=49" }, { "name": "MDVSA-2010:259", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:259" }, { "name": "oval:org.mitre.oval:def:18461", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18461" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031" }, { "name": "45581", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45581" }, { "name": "42877", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42877" }, { "name": "ADV-2011-0028", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0028" }, { "name": "[support] 20101227 Pidgin 2.7.9 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://pidgin.im/pipermail/support/2010-December/009251.html" }, { "name": "42732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42732" }, { "name": "ADV-2011-0076", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "name": "ADV-2011-0054", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0054" }, { "name": "FEDORA-2010-19314", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052862.html" }, { "name": "FEDORA-2010-19317", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052905.html" }, { "name": "42824", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42824" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-12-26T00:00:00", "descriptions": [ { "lang": "en", "value": "directconn.c in the MSN protocol plugin in libpurple 2.7.6 
through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=665421" }, { "name": "SUSE-SR:2011:001", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "name": "[oss-security] 20101227 CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/12/27/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c" }, { "name": "[oss-security] 20101231 Re: CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/12/31/5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=49" }, { "name": "MDVSA-2010:259", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:259" }, { "name": "oval:org.mitre.oval:def:18461", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18461" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031" }, { "name": "45581", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45581" }, { "name": "42877", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42877" }, { "name": "ADV-2011-0028", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0028" }, { "name": "[support] 20101227 Pidgin 2.7.9 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://pidgin.im/pipermail/support/2010-December/009251.html" }, { "name": "42732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42732" }, { "name": "ADV-2011-0076", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "name": "ADV-2011-0054", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0054" }, { "name": "FEDORA-2010-19314", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052862.html" }, { "name": "FEDORA-2010-19317", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052905.html" }, { "name": "42824", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42824" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4528", "datePublished": "2011-01-07T11:00:00", "dateReserved": "2010-12-09T00:00:00", "dateUpdated": "2024-08-07T03:51:17.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1375
Vulnerability from cvelistv5
Published
2009-05-26 15:16
Modified
2024-08-07 05:13
Summary
The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2009-5597", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" }, { "name": "RHSA-2009:1060", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500491" }, { "name": "GLSA-200905-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "name": "35067", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35067" }, { "name": "FEDORA-2009-5583", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "name": "35329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35329" }, { "name": "USN-781-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "name": "54649", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/54649" }, { "name": "DSA-1805", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://debian.org/security/2009/dsa-1805" }, { "name": "35294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35294" }, { "name": "35188", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35188" }, { "name": 
"oval:org.mitre.oval:def:10829", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10829" }, { "name": "35194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35194" }, { "name": "FEDORA-2009-5552", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "name": "35202", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35202" }, { "name": "35215", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35215" }, { "name": "ADV-2009-1396", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=31" }, { "name": "pidgin-purplecircbuffer-dos(50683)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50683" }, { "name": "MDVSA-2009:173", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-03-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2009-5597", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" }, { "name": "RHSA-2009:1060", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500491" }, { "name": "GLSA-200905-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "name": "35067", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35067" }, { "name": "FEDORA-2009-5583", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "name": "35329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35329" }, { "name": "USN-781-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "name": "54649", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/54649" }, { "name": "DSA-1805", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://debian.org/security/2009/dsa-1805" }, { "name": "35294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35294" }, { "name": "35188", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35188" }, { "name": "oval:org.mitre.oval:def:10829", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10829" }, { "name": "35194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35194" }, { "name": "FEDORA-2009-5552", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "name": "35202", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35202" }, { "name": "35215", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35215" }, { "name": "ADV-2009-1396", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=31" }, { "name": "pidgin-purplecircbuffer-dos(50683)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50683" }, { "name": "MDVSA-2009:173", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1375", "datePublished": "2009-05-26T15:16:00", "dateReserved": "2009-04-23T00:00:00", "dateUpdated": "2024-08-07T05:13:25.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4996
Vulnerability from cvelistv5
Published
2007-10-01 20:00
Modified
2024-08-07 15:17
Summary
libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/36884 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/27088 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/archive/1/481402/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.vupen.com/english/advisories/2007/3321 | vdb-entry, x_refsource_VUPEN | |
http://www.pidgin.im/news/security/?id=23 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/25872 | vdb-entry, x_refsource_BID | |
http://fedoranews.org/updates/FEDORA-2007-236.shtml | vendor-advisory, x_refsource_FEDORA | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18261 | vdb-entry, signature, x_refsource_OVAL | |
http://secunia.com/advisories/27010 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:17:27.846Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "pidgin-msn-nudge-dos(36884)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36884" }, { "name": "27088", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27088" }, { "name": "20071003 FLEA-2007-0057-1 pidgin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/481402/100/0/threaded" }, { "name": "ADV-2007-3321", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3321" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=23" }, { "name": "25872", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25872" }, { "name": "FEDORA-2007-2368", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/updates/FEDORA-2007-236.shtml" }, { "name": "oval:org.mitre.oval:def:18261", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18261" }, { "name": "27010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-27T00:00:00", "descriptions": [ { "lang": "en", "value": "libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver\u0027s buddy list, which allows 
remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of \"an invalid memory location.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "pidgin-msn-nudge-dos(36884)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36884" }, { "name": "27088", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27088" }, { "name": "20071003 FLEA-2007-0057-1 pidgin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/481402/100/0/threaded" }, { "name": "ADV-2007-3321", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3321" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=23" }, { "name": "25872", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25872" }, { "name": "FEDORA-2007-2368", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/updates/FEDORA-2007-236.shtml" }, { "name": "oval:org.mitre.oval:def:18261", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18261" }, { "name": "27010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27010" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-4996", "datePublished": "2007-10-01T20:00:00", "dateReserved": "2007-09-20T00:00:00", "dateUpdated": "2024-08-07T15:17:27.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1889
Vulnerability from cvelistv5
Published
2009-07-01 12:26
Modified
2024-08-07 05:27
Summary
The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.743Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[devel] 20090528 [patch] libpurple/protocols/oscar: OOM and die on misparsed ICQWebMessage as ICQSMS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://pidgin.im/pipermail/devel/2009-May/008227.html" }, { "name": "35530", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35530" }, { "name": "RHSA-2009:1139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1139.html" }, { "name": "35697", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35697" }, { "name": "FEDORA-2009-7359", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00162.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/ticket/9483" }, { "name": "37071", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37071" }, { "name": "USN-796-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-796-1" }, { "name": "35706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35706" }, { "name": "pidgin-oscar-dos(51448)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51448" }, { "name": "35693", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35693" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=508738" }, { "name": "FEDORA-2009-7370", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00176.html" }, { "name": "oval:org.mitre.oval:def:10004", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10004" }, { "name": "ADV-2009-1749", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1749" }, { "name": "FEDORA-2009-7415", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00228.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[devel] 20090528 [patch] libpurple/protocols/oscar: OOM and die on misparsed ICQWebMessage as ICQSMS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://pidgin.im/pipermail/devel/2009-May/008227.html" }, { "name": "35530", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35530" }, { "name": "RHSA-2009:1139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1139.html" }, { "name": "35697", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35697" }, { "name": "FEDORA-2009-7359", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00162.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/ticket/9483" }, { "name": "37071", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37071" }, { "name": "USN-796-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-796-1" }, { "name": "35706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35706" }, { "name": "pidgin-oscar-dos(51448)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51448" }, { "name": "35693", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35693" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=508738" }, { "name": "FEDORA-2009-7370", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00176.html" }, { "name": "oval:org.mitre.oval:def:10004", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10004" }, { "name": "ADV-2009-1749", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1749" }, { "name": "FEDORA-2009-7415", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00228.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1889", "datePublished": "2009-07-01T12:26:00", "dateReserved": "2009-06-02T00:00:00", "dateUpdated": "2024-08-07T05:27:54.743Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1091
Vulnerability from cvelistv5
Published
2011-03-14 19:00
Modified
2024-08-06 22:14
Severity ?
EPSS score ?
Summary
libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:14:27.763Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2011-0661", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0661" }, { "name": "RHSA-2011:0616", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0616.html" }, { "name": "openSUSE-SU-2012:0066", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/13195955" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=51" }, { "name": "46837", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46837" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683031" }, { "name": "ADV-2011-0703", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0703" }, { "name": "FEDORA-2011-3150", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html" }, { "name": "43721", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43721" }, { "name": "SSA:2011-070-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.466884" }, { "name": 
"pidgin-yahoo-protocol-dos(66055)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66055" }, { "name": "46376", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46376" }, { "name": "43695", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43695" }, { "name": "RHSA-2011:1371", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html" }, { "name": "oval:org.mitre.oval:def:18402", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402" }, { "name": "ADV-2011-0669", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0669" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7" }, { "name": "FEDORA-2011-3113", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html" }, { "name": "ADV-2011-0643", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0643" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-10T00:00:00", "descriptions": [ { "lang": "en", "value": "libymsg.c in the Yahoo! 
protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2011-0661", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0661" }, { "name": "RHSA-2011:0616", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0616.html" }, { "name": "openSUSE-SU-2012:0066", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/13195955" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=51" }, { "name": "46837", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46837" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683031" }, { "name": "ADV-2011-0703", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0703" }, { "name": "FEDORA-2011-3150", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html" }, { "name": "43721", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/43721" }, { "name": "SSA:2011-070-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.466884" }, { "name": "pidgin-yahoo-protocol-dos(66055)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66055" }, { "name": "46376", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46376" }, { "name": "43695", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43695" }, { "name": "RHSA-2011:1371", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html" }, { "name": "oval:org.mitre.oval:def:18402", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402" }, { "name": "ADV-2011-0669", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0669" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7" }, { "name": "FEDORA-2011-3113", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html" }, { "name": "ADV-2011-0643", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0643" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1091", "datePublished": "2011-03-14T19:00:00", "dateReserved": "2011-02-24T00:00:00", "dateUpdated": "2024-08-06T22:14:27.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3084
Vulnerability from cvelistv5
Published
2009-09-08 18:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/36601 | third-party-advisory, x_refsource_SECUNIA |
| http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338 | vdb-entry, signature, x_refsource_OVAL |
| http://www.pidgin.im/news/security/index.php?id=38 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/36277 | vdb-entry, x_refsource_BID |
| http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:14:55.740Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "36601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36601" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c" }, { "name": "oval:org.mitre.oval:def:6338", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/index.php?id=38" }, { "name": "36277", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36277" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect \"UTF16-LE\" charset name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "36601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36601" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c" }, { "name": "oval:org.mitre.oval:def:6338", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/index.php?id=38" }, { "name": "36277", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36277" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3084", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect \"UTF16-LE\" charset name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "36601", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36601" }, { "name": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c" }, { "name": "oval:org.mitre.oval:def:6338", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338" }, { "name": "http://www.pidgin.im/news/security/index.php?id=38", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/index.php?id=38" }, { "name": "36277", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36277" }, { "name": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3084", "datePublished": "2009-09-08T18:00:00", "dateReserved": "2009-09-08T00:00:00", "dateUpdated": "2024-08-07T06:14:55.740Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0423
Vulnerability from cvelistv5
Published
2010-02-24 18:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:45:12.274Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2010-1279", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html" }, { "name": "38294", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38294" }, { "name": "RHSA-2010:0115", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0115.html" }, { "name": "62440", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/62440" }, { "name": "ADV-2010-0413", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0413" }, { "name": "38563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38563" }, { "name": "MDVSA-2010:085", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "name": "USN-902-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-902-1" }, { "name": "38640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38640" }, { "name": "ADV-2010-0914", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0914" }, { "name": "38658", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38658" }, { "name": "oval:org.mitre.oval:def:9842", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9842" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=45" }, { "name": "FEDORA-2010-1934", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html" }, { "name": "ADV-2010-1020", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "name": "SUSE-SR:2010:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "name": "FEDORA-2010-1383", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html" }, { "name": "DSA-2038", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2038" }, { "name": "38712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38712" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565792" }, { "name": "pidgin-smileys-dos(56394)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56394" }, { "name": "oval:org.mitre.oval:def:17554", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17554" }, { "name": "39509", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39509" }, { "name": "MDVSA-2010:041", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:041" }, { "name": "38915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38915" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2010-1279", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html" }, { "name": "38294", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38294" }, { "name": "RHSA-2010:0115", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0115.html" }, { "name": "62440", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/62440" }, { "name": "ADV-2010-0413", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0413" }, { "name": "38563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38563" }, { "name": "MDVSA-2010:085", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "name": "USN-902-1", "tags": [ 
"vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-902-1" }, { "name": "38640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38640" }, { "name": "ADV-2010-0914", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0914" }, { "name": "38658", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38658" }, { "name": "oval:org.mitre.oval:def:9842", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9842" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=45" }, { "name": "FEDORA-2010-1934", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html" }, { "name": "ADV-2010-1020", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "name": "SUSE-SR:2010:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "name": "FEDORA-2010-1383", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html" }, { "name": "DSA-2038", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2038" }, { "name": "38712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38712" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565792" }, { "name": "pidgin-smileys-dos(56394)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56394" }, { "name": "oval:org.mitre.oval:def:17554", "tags": [ 
"vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17554" }, { "name": "39509", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39509" }, { "name": "MDVSA-2010:041", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:041" }, { "name": "38915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38915" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0423", "datePublished": "2010-02-24T18:00:00", "dateReserved": "2010-01-27T00:00:00", "dateUpdated": "2024-08-07T00:45:12.274Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2528
Vulnerability from cvelistv5
Published
2010-07-29 18:00
Modified
2024-08-07 02:39
Severity ?
EPSS score ?
Summary
The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:39:37.341Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2010-1887", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1887" }, { "name": "SSA:2010-240-05", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462873" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/fcb70f7c12120206d30ad33223ff85be7b226d1c/with/8e8ff246492e45af8f8d0808296d6f2906794dc0/libpurple/protocols/oscar/family_icbm.c" }, { "name": "oval:org.mitre.oval:def:18359", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18359" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/index.php?id=47" }, { "name": "pidgin-xstatus-dos(60566)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60566" }, { "name": "66506", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/66506" }, { "name": "40699", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40699" }, { "name": "41881", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/41881" }, { "name": "ADV-2010-2221", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2221" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://developer.pidgin.im/viewmtn/revision/info/8e8ff246492e45af8f8d0808296d6f2906794dc0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-07-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2010-1887", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1887" }, { "name": "SSA:2010-240-05", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462873" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/fcb70f7c12120206d30ad33223ff85be7b226d1c/with/8e8ff246492e45af8f8d0808296d6f2906794dc0/libpurple/protocols/oscar/family_icbm.c" }, { "name": "oval:org.mitre.oval:def:18359", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18359" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/index.php?id=47" }, { "name": "pidgin-xstatus-dos(60566)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60566" }, { "name": "66506", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], 
"url": "http://www.osvdb.org/66506" }, { "name": "40699", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40699" }, { "name": "41881", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/41881" }, { "name": "ADV-2010-2221", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2221" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/8e8ff246492e45af8f8d0808296d6f2906794dc0" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2528", "datePublished": "2010-07-29T18:00:00", "dateReserved": "2010-06-30T00:00:00", "dateUpdated": "2024-08-07T02:39:37.341Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2366
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Summary
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID | |
http://www.pidgin.im/news/security/?id=99 | x_refsource_CONFIRM | |
http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN | |
http://www.talosintelligence.com/reports/TALOS-2016-0134/ | x_refsource_MISC | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.148Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=99" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0134/" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash." 
} ], "problemTypes": [ { "descriptions": [ { "description": "out-of-bounds read", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=99" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0134/" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2366", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "out-of-bounds read" } ] } ] }, "references": { "reference_data": [ { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "http://www.pidgin.im/news/security/?id=99", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=99" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0134/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0134/" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2366", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.148Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3026
Vulnerability from cvelistv5
Published
2009-08-31 20:00
Modified
2024-08-07 06:14
Summary
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/36368 | vdb-entry, x_refsource_BID | |
http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279 | x_refsource_CONFIRM | |
http://developer.pidgin.im/ticket/8131 | x_refsource_CONFIRM | |
http://secunia.com/advisories/37071 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2009/08/24/2 | mailing-list, x_refsource_MLIST | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53000 | vdb-entry, x_refsource_XF | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757 | vdb-entry, signature, x_refsource_OVAL | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070 | vdb-entry, signature, x_refsource_OVAL |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:14:55.553Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "36368", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36368" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/ticket/8131" }, { "name": "37071", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37071" }, { "name": "[oss-security] 20090824 CVE id request: pidgin", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/08/24/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891" }, { "name": "pidgin-libpurple-weak-security(53000)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53000" }, { "name": "oval:org.mitre.oval:def:5757", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757" }, { "name": "oval:org.mitre.oval:def:11070", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "protocols/jabber/auth.c in libpurple in Pidgin 
2.6.0, and possibly other versions, does not follow the \"require TLS/SSL\" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "36368", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36368" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/ticket/8131" }, { "name": "37071", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37071" }, { "name": "[oss-security] 20090824 CVE id request: pidgin", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/08/24/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891" }, { "name": "pidgin-libpurple-weak-security(53000)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53000" }, { "name": "oval:org.mitre.oval:def:5757", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757" }, { "name": "oval:org.mitre.oval:def:11070", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": 
"CVE-2009-3026", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the \"require TLS/SSL\" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "36368", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36368" }, { "name": "http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279" }, { "name": "http://developer.pidgin.im/ticket/8131", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/ticket/8131" }, { "name": "37071", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37071" }, { "name": "[oss-security] 20090824 CVE id request: pidgin", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/08/24/2" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891" }, { "name": "pidgin-libpurple-weak-security(53000)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53000" }, { "name": "oval:org.mitre.oval:def:5757", "refsource": 
"OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757" }, { "name": "oval:org.mitre.oval:def:11070", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3026", "datePublished": "2009-08-31T20:00:00", "dateReserved": "2009-08-31T00:00:00", "dateUpdated": "2024-08-07T06:14:55.553Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2956
Vulnerability from cvelistv5
Published
2008-07-01 00:00
Modified
2024-08-07 09:21
Summary
Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:21:34.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29985", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29985" }, { "name": "[oss-security] 20080627 CVE Request (pidgin)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/06/27/3" }, { "name": "31387", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://secunia.com/advisories/31387" }, { "name": "20080806 rPSA-2008-0246-1 gaim", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded" }, { "tags": [ "x_transferred" ], "url": "http://crisp.cs.du.edu/?q=ca2007-1" }, { "tags": [ "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246" }, { "tags": [ "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-2647" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. 
NOTE: this issue has been disputed by the upstream vendor, who states: \"I was never able to identify a scenario under which a problem occurred and the original reporter wasn\u0027t able to supply any sort of reproduction details.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-12T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "29985", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/29985" }, { "name": "[oss-security] 20080627 CVE Request (pidgin)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2008/06/27/3" }, { "name": "31387", "tags": [ "third-party-advisory" ], "url": "http://secunia.com/advisories/31387" }, { "name": "20080806 rPSA-2008-0246-1 gaim", "tags": [ "mailing-list" ], "url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded" }, { "url": "http://crisp.cs.du.edu/?q=ca2007-1" }, { "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246" }, { "url": "https://issues.rpath.com/browse/RPL-2647" } ], "tags": [ "disputed" ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-2956", "datePublished": "2008-07-01T00:00:00", "dateReserved": "2008-07-01T00:00:00", "dateUpdated": "2024-08-07T09:21:34.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4922
Vulnerability from cvelistv5
Published
2012-08-08 10:00
Modified
2024-08-07 00:23
Summary
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
References
URL | Tags | |
---|---|---|
http://openwall.com/lists/oss-security/2012/01/04/13 | mailing-list, x_refsource_MLIST | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18223 | vdb-entry, signature, x_refsource_OVAL | |
http://www.pidgin.im/news/security/?id=50 | x_refsource_CONFIRM | |
http://hg.pidgin.im/pidgin/main/rev/8c850977cb42 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:38.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120104 Re: CVE request: Pidgin", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2012/01/04/13" }, { "name": "oval:org.mitre.oval:def:18223", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18223" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=50" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/8c850977cb42" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120104 Re: CVE request: Pidgin", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2012/01/04/13" }, { "name": "oval:org.mitre.oval:def:18223", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18223" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=50" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/8c850977cb42" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4922", "datePublished": "2012-08-08T10:00:00", "dateReserved": "2011-12-23T00:00:00", "dateUpdated": "2024-08-07T00:23:38.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2380
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Summary
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID | |
http://www.talosintelligence.com/reports/TALOS-2016-0123/ | x_refsource_MISC | |
http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN | |
http://www.pidgin.im/news/security/?id=96 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.260Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0123/" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=96" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read." 
} ], "problemTypes": [ { "descriptions": [ { "description": "out-of-bounds read", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0123/" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=96" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2380", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "out-of-bounds read" } ] } ] }, "references": { "reference_data": [ { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0123/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0123/" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "http://www.pidgin.im/news/security/?id=96", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=96" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2380", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.260Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2214
Vulnerability from cvelistv5
Published
2012-07-03 19:00
Modified
2024-08-06 19:26
Summary
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests.
References
URL | Tags | |
---|---|---|
http://hg.pidgin.im/pidgin/main/rev/5f9d676cefdb | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17886 | vdb-entry, signature, x_refsource_OVAL | |
http://pidgin.im/news/security/?id=62 | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDVSA-2012:082 | vendor-advisory, x_refsource_MANDRIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:09.015Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/5f9d676cefdb" }, { "name": "oval:org.mitre.oval:def:17886", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17886" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=62" }, { "name": "MDVSA-2012:082", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:082" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-06T00:00:00", "descriptions": [ { "lang": "en", "value": "proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-28T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/5f9d676cefdb" }, { "name": "oval:org.mitre.oval:def:17886", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17886" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=62" }, { "name": "MDVSA-2012:082", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:082" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2214", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://hg.pidgin.im/pidgin/main/rev/5f9d676cefdb", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/5f9d676cefdb" }, { "name": "oval:org.mitre.oval:def:17886", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17886" }, { "name": "http://pidgin.im/news/security/?id=62", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=62" }, { "name": "MDVSA-2012:082", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:082" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2214", "datePublished": "2012-07-03T19:00:00", "dateReserved": "2012-04-09T00:00:00", "dateUpdated": "2024-08-06T19:26:09.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2371
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Summary
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID | |
http://www.pidgin.im/news/security/?id=104 | x_refsource_CONFIRM | |
http://www.talosintelligence.com/reports/TALOS-2016-0139/ | x_refsource_MISC | |
http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=104" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0139/" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "out-of-bounds write", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=104" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0139/" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2371", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "out-of-bounds write" } ] } ] }, "references": { "reference_data": [ { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "http://www.pidgin.im/news/security/?id=104", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=104" }, { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0139/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0139/" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2371", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3532
Vulnerability from cvelistv5
Published
2008-08-08 19:00
Modified
2024-08-07 09:45
Severity: none listed (the record below carries no CVSS metrics)
EPSS score: not shown
Summary
The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:45:18.085Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://developer.pidgin.im/attachment/ticket/6500/nss-cert-verify.patch" }, { "name": "oval:org.mitre.oval:def:18327", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18327" }, { "name": "MDVSA-2009:025", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:025" }, { "name": "31390", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31390" }, { "name": "ADV-2008-2318", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2318" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434" }, { "name": "33102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33102" }, { "name": "USN-675-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/attachment/ticket/6500/nss_add_rev.patch" }, { "name": "32859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32859" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/ticket/6500" }, { "name": "pidgin-ssl-spoofing(44220)", "tags": [ "vdb-entry", 
"x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44220" }, { "name": "RHSA-2008:1023", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1023.html" }, { "name": "oval:org.mitre.oval:def:10979", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10979" }, { "name": "30553", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30553" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://developer.pidgin.im/attachment/ticket/6500/nss-cert-verify.patch" }, { "name": "oval:org.mitre.oval:def:18327", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18327" }, { "name": "MDVSA-2009:025", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:025" }, { "name": "31390", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31390" }, { "name": "ADV-2008-2318", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2318" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434" }, { "name": "33102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33102" }, { "name": "USN-675-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/attachment/ticket/6500/nss_add_rev.patch" }, { "name": "32859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32859" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/ticket/6500" }, { "name": "pidgin-ssl-spoofing(44220)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44220" }, { "name": "RHSA-2008:1023", "tags": [ 
"vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1023.html" }, { "name": "oval:org.mitre.oval:def:10979", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10979" }, { "name": "30553", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30553" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-3532", "datePublished": "2008-08-08T19:00:00", "dateReserved": "2008-08-07T00:00:00", "dateUpdated": "2024-08-07T09:45:18.085Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-3711
Vulnerability from cvelistv5
Published
2010-10-27 22:00
Modified
2024-08-07 03:18
Severity: none listed (the record below carries no CVSS metrics)
EPSS score: not shown
Summary
libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support. The version bound appears only in this description; the record's structured `affected` field is `n/a`.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:52.962Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2010-17130", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050695.html" }, { "name": "RHSA-2010:0788", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0788.html" }, { "name": "ADV-2010-2753", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2753" }, { "name": "pidgin-purplebase64decode-dos(62708)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62708" }, { "name": "ADV-2010-2754", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2754" }, { "name": "SSA:2010-305-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462352" }, { "name": "FEDORA-2010-16629", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050227.html" }, { "name": "1024623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1024623" }, { "name": "44283", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/44283" }, { "name": "42294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42294" }, { "name": "42075", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42075" 
}, { "name": "68773", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/68773" }, { "name": "RHSA-2010:0890", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0890.html" }, { "name": "USN-1014-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1014-1" }, { "name": "41893", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41893" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=641921" }, { "name": "ADV-2010-2851", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2851" }, { "name": "ADV-2010-2847", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2847" }, { "name": "FEDORA-2010-16876", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050133.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc" }, { "name": "41899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41899" }, { "name": "oval:org.mitre.oval:def:18506", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18506" }, { "name": "ADV-2010-2755", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2755" }, { "name": "ADV-2010-2870", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": 
"http://www.vupen.com/english/advisories/2010/2870" }, { "name": "MDVSA-2010:208", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:208" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=48" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-10-20T00:00:00", "descriptions": [ { "lang": "en", "value": "libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2010-17130", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050695.html" }, { "name": "RHSA-2010:0788", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0788.html" }, { "name": "ADV-2010-2753", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2753" }, { "name": "pidgin-purplebase64decode-dos(62708)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62708" }, { "name": "ADV-2010-2754", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2754" }, { "name": "SSA:2010-305-02", "tags": [ 
"vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462352" }, { "name": "FEDORA-2010-16629", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050227.html" }, { "name": "1024623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1024623" }, { "name": "44283", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/44283" }, { "name": "42294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42294" }, { "name": "42075", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42075" }, { "name": "68773", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/68773" }, { "name": "RHSA-2010:0890", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0890.html" }, { "name": "USN-1014-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1014-1" }, { "name": "41893", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41893" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=641921" }, { "name": "ADV-2010-2851", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2851" }, { "name": "ADV-2010-2847", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2847" }, { "name": "FEDORA-2010-16876", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050133.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc" }, { "name": "41899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41899" }, { "name": "oval:org.mitre.oval:def:18506", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18506" }, { "name": "ADV-2010-2755", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2755" }, { "name": "ADV-2010-2870", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2870" }, { "name": "MDVSA-2010:208", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:208" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=48" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-3711", "datePublished": "2010-10-27T22:00:00", "dateReserved": "2010-10-01T00:00:00", "dateUpdated": "2024-08-07T03:18:52.962Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6485
Vulnerability from cvelistv5
Published
2014-02-06 15:00
Modified
2024-08-06 17:39
Severity: none listed (the record below carries no CVSS metrics)
EPSS score: not shown
Summary
Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data. The version bound appears only in this description; the record's structured `affected` field is `n/a`.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html | vendor-advisory, x_refsource_SUSE | |
http://pidgin.im/news/security/?id=80 | x_refsource_CONFIRM | |
https://rhn.redhat.com/errata/RHSA-2014-0139.html | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2014/dsa-2859 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html | vendor-advisory, x_refsource_SUSE | |
http://www.securityfocus.com/bid/65243 | vdb-entry, x_refsource_BID | |
http://www.ubuntu.com/usn/USN-2100-1 | vendor-advisory, x_refsource_UBUNTU | |
http://hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.446Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=80" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "65243", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65243" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-07T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=80" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "65243", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65243" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6485", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0326", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "http://pidgin.im/news/security/?id=80", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=80" }, { "name": "RHSA-2014:0139", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "DSA-2859", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "65243", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65243" }, { "name": "USN-2100-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6485", "datePublished": "2014-02-06T15:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3695
Vulnerability from cvelistv5
Published
2014-10-29 10:00
Modified
2024-08-06 10:50
Severity: none listed (the record below carries no CVSS metrics)
EPSS score: not shown
Summary
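markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response. The version bound appears only in this description; the record's structured `affected` field is `n/a`.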
References
URL | Tags | |
---|---|---|
http://pidgin.im/news/security/?id=87 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:1854 | vendor-advisory, x_refsource_REDHAT | |
http://www.ubuntu.com/usn/USN-2390-1 | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/60741 | third-party-advisory, x_refsource_SECUNIA | |
http://hg.pidgin.im/pidgin/main/rev/6436e14bdb9d | x_refsource_CONFIRM | |
http://www.debian.org/security/2014/dsa-3055 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/61968 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:18.330Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=87" }, { "name": "RHSA-2017:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "name": "USN-2390-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "name": "openSUSE-SU-2014:1376", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "name": "60741", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60741" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/6436e14bdb9d" }, { "name": "DSA-3055", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3055" }, { "name": "openSUSE-SU-2014:1397", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "name": "61968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-22T00:00:00", "descriptions": [ { "lang": "en", "value": "markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=87" }, { "name": "RHSA-2017:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "name": "USN-2390-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "name": "openSUSE-SU-2014:1376", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "name": "60741", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60741" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/6436e14bdb9d" }, { "name": "DSA-3055", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3055" }, { "name": "openSUSE-SU-2014:1397", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "name": "61968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3695", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service 
(application crash) via a large length value in an emoticon response." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://pidgin.im/news/security/?id=87", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=87" }, { "name": "RHSA-2017:1854", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "name": "USN-2390-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "name": "openSUSE-SU-2014:1376", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "name": "60741", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60741" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/6436e14bdb9d", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/6436e14bdb9d" }, { "name": "DSA-3055", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3055" }, { "name": "openSUSE-SU-2014:1397", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "name": "61968", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61968" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3695", "datePublished": "2014-10-29T10:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:18.330Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-1257
Vulnerability from cvelistv5
Published
2019-11-20 19:31
Modified
2024-08-06 18:53
Severity: none listed (the record below carries no CVSS metrics)
EPSS score: not shown
Summary
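Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor. The record below gives 2011-12-20 as the date the issue became public (`datePublic`); the 2019 date above is when the CVE record was published.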
References
URL | Tags | |
---|---|---|
http://pidgin.im/pipermail/devel/2011-December/010521.html | x_refsource_MISC | |
http://developer.pidgin.im/ticket/14830 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:53:36.925Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://pidgin.im/pipermail/devel/2011-December/010521.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://developer.pidgin.im/ticket/14830" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-12-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-20T19:31:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://pidgin.im/pipermail/devel/2011-December/010521.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://developer.pidgin.im/ticket/14830" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1257", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://pidgin.im/pipermail/devel/2011-December/010521.html", "refsource": "MISC", "url": "http://pidgin.im/pipermail/devel/2011-December/010521.html" }, { "name": "http://developer.pidgin.im/ticket/14830", "refsource": "MISC", "url": "http://developer.pidgin.im/ticket/14830" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1257", "datePublished": "2019-11-20T19:31:13", "dateReserved": "2012-02-21T00:00:00", "dateUpdated": "2024-08-06T18:53:36.925Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2318
Vulnerability from cvelistv5
Published
2012-07-03 19:00
Modified
2024-08-06 19:26
Summary
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/53400 | vdb-entry, x_refsource_BID | |
http://hg.pidgin.im/pidgin/main/rev/4d6bcb4f4ea4 | x_refsource_CONFIRM | |
http://pidgin.im/news/security/?id=63 | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDVSA-2012:082 | vendor-advisory, x_refsource_MANDRIVA | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17448 | vdb-entry, signature, x_refsource_OVAL | |
http://secunia.com/advisories/50005 | third-party-advisory, x_refsource_SECUNIA | |
https://hermes.opensuse.org/messages/15136503 | vendor-advisory, x_refsource_SUSE | |
http://rhn.redhat.com/errata/RHSA-2012-1102.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.990Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "53400", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53400" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/4d6bcb4f4ea4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=63" }, { "name": "MDVSA-2012:082", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:082" }, { "name": "oval:org.mitre.oval:def:17448", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17448" }, { "name": "50005", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50005" }, { "name": "openSUSE-SU-2012:0866", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/15136503" }, { "name": "RHSA-2012:1102", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1102.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-06T00:00:00", "descriptions": [ { "lang": "en", "value": "msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-28T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "53400", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53400" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/4d6bcb4f4ea4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=63" }, { "name": "MDVSA-2012:082", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:082" }, { "name": "oval:org.mitre.oval:def:17448", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17448" }, { "name": "50005", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50005" }, { "name": "openSUSE-SU-2012:0866", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/15136503" }, { "name": "RHSA-2012:1102", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1102.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2318", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these 
characters in a text/plain message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "53400", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53400" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/4d6bcb4f4ea4", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/4d6bcb4f4ea4" }, { "name": "http://pidgin.im/news/security/?id=63", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=63" }, { "name": "MDVSA-2012:082", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:082" }, { "name": "oval:org.mitre.oval:def:17448", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17448" }, { "name": "50005", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50005" }, { "name": "openSUSE-SU-2012:0866", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/15136503" }, { "name": "RHSA-2012:1102", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1102.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2318", "datePublished": "2012-07-03T19:00:00", "dateReserved": "2012-04-19T00:00:00", "dateUpdated": "2024-08-06T19:26:08.990Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2404
Vulnerability from cvelistv5
Published
2009-08-03 14:00
Modified
2024-08-07 05:52
Summary
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:52:14.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf" }, { "name": "36139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36139" }, { "name": "36102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36102" }, { "name": "36157", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36157" }, { "name": "TA10-103B", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" }, { "name": "oval:org.mitre.oval:def:11174", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174" }, { "name": "MDVSA-2009:197", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197" }, { "name": "oval:org.mitre.oval:def:8658", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658" }, { "name": "SUSE-SA:2009:048", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html" }, { "name": "MDVSA-2009:216", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216" }, { "name": "RHSA-2009:1185", "tags": [ "vendor-advisory", "x_refsource_REDHAT", 
"x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2009-1185.html" }, { "name": "39428", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39428" }, { "name": "36434", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36434" }, { "name": "36088", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36088" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-43.html" }, { "name": "35891", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35891" }, { "name": "RHSA-2009:1207", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html" }, { "name": "1021699", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1" }, { "name": "USN-810-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-810-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" }, { "name": "USN-810-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/810-2/" }, { "name": "1021030", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1" }, { "name": "36125", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36125" }, { "name": "37098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37098" }, { "name": 
"273910", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912" }, { "name": "ADV-2009-2085", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2085" }, { "name": "DSA-1874", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1874" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf" }, { "name": "36139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36139" }, { "name": "36102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36102" }, { "name": "36157", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36157" }, { "name": "TA10-103B", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" }, { "name": "oval:org.mitre.oval:def:11174", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174" }, { "name": "MDVSA-2009:197", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197" }, { "name": "oval:org.mitre.oval:def:8658", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658" }, { "name": "SUSE-SA:2009:048", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html" }, { "name": "MDVSA-2009:216", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216" }, { "name": "RHSA-2009:1185", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2009-1185.html" }, { "name": "39428", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39428" }, { "name": "36434", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36434" }, { "name": "36088", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36088" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-43.html" }, { "name": "35891", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35891" }, { "name": "RHSA-2009:1207", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html" }, { "name": "1021699", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1" }, { "name": "USN-810-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-810-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" }, { "name": "USN-810-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/810-2/" }, { "name": "1021030", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1" }, { "name": "36125", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36125" }, { "name": "37098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37098" }, { "name": "273910", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912" }, { "name": "ADV-2009-2085", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": 
"http://www.vupen.com/english/advisories/2009/2085" }, { "name": "DSA-1874", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1874" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-2404", "datePublished": "2009-08-03T14:00:00", "dateReserved": "2009-07-09T00:00:00", "dateUpdated": "2024-08-07T05:52:14.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0274
Vulnerability from cvelistv5
Published
2013-02-16 21:00
Modified
2024-08-06 14:18
Summary
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html | vendor-advisory, x_refsource_SUSE | |
http://www.pidgin.im/news/security/?id=68 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-1746-1 | vendor-advisory, x_refsource_UBUNTU | |
http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html | vendor-advisory, x_refsource_SUSE | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18221 | vdb-entry, signature, x_refsource_OVAL |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:18:09.657Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2013:0388", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=68" }, { "name": "USN-1746-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3" }, { "name": "openSUSE-SU-2013:0405", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "name": "openSUSE-SU-2013:0407", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" }, { "name": "oval:org.mitre.oval:def:18221", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18221" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SU-2013:0388", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=68" }, { "name": "USN-1746-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3" }, { "name": "openSUSE-SU-2013:0405", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "name": "openSUSE-SU-2013:0407", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" }, { "name": "oval:org.mitre.oval:def:18221", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18221" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0274", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2013:0388", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "name": "http://www.pidgin.im/news/security/?id=68", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=68" }, { "name": "USN-1746-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3" }, { "name": "openSUSE-SU-2013:0405", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "name": "openSUSE-SU-2013:0407", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" }, { "name": "oval:org.mitre.oval:def:18221", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18221" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0274", "datePublished": "2013-02-16T21:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.657Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3697
Vulnerability from cvelistv5
Published
2014-10-29 10:00
Modified
2024-08-06 10:50
Summary
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.
References
URL | Tags | |
---|---|---|
http://pidgin.im/news/security/?id=89 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html | vendor-advisory, x_refsource_SUSE | |
http://hg.pidgin.im/pidgin/main/rev/68b8eb10977f | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:18.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=89" }, { "name": "openSUSE-SU-2014:1376", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "name": "openSUSE-SU-2014:1397", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/68b8eb10977f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-18T20:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=89" }, { "name": "openSUSE-SU-2014:1376", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "name": "openSUSE-SU-2014:1397", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/68b8eb10977f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3697", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://pidgin.im/news/security/?id=89", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=89" }, { "name": "openSUSE-SU-2014:1376", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "name": "openSUSE-SU-2014:1397", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/68b8eb10977f", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/68b8eb10977f" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3697", "datePublished": "2014-10-29T10:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:18.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4939
Vulnerability from cvelistv5
Published
2012-03-15 10:00
Modified
2024-08-07 00:23
Summary
The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room.
References
URL | Tags | |
---|---|---|
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18406 | vdb-entry, signature, x_refsource_OVAL | |
http://www.mandriva.com/security/advisories?name=MDVSA-2012:029 | vendor-advisory, x_refsource_MANDRIVA | |
http://developer.pidgin.im/ticket/14392 | x_refsource_CONFIRM | |
http://developer.pidgin.im/viewmtn/revision/diff/10ead4688e3af4132d454fa3bc241480500651c9/with/d1d77da56217f3a083e1d459bef054db9f1d5699/pidgin/gtkconv.c | x_refsource_CONFIRM | |
http://pidgin.im/news/security/?id=60 | x_refsource_CONFIRM | |
http://developer.pidgin.im/viewmtn/revision/info/d1d77da56217f3a083e1d459bef054db9f1d5699 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:38.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:18406", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18406" }, { "name": "MDVSA-2012:029", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:029" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/ticket/14392" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/10ead4688e3af4132d454fa3bc241480500651c9/with/d1d77da56217f3a083e1d459bef054db9f1d5699/pidgin/gtkconv.c" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=60" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/d1d77da56217f3a083e1d459bef054db9f1d5699" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "oval:org.mitre.oval:def:18406", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18406" }, { "name": "MDVSA-2012:029", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:029" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/ticket/14392" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/10ead4688e3af4132d454fa3bc241480500651c9/with/d1d77da56217f3a083e1d459bef054db9f1d5699/pidgin/gtkconv.c" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=60" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/d1d77da56217f3a083e1d459bef054db9f1d5699" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4939", "datePublished": "2012-03-15T10:00:00", "dateReserved": "2011-12-23T00:00:00", "dateUpdated": "2024-08-07T00:23:38.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-3374
Vulnerability from cvelistv5
Published
2012-07-07 10:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00009.html | vendor-advisory, x_refsource_SUSE | |
http://www.pidgin.im/news/security/index.php?id=64 | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17678 | vdb-entry, signature, x_refsource_OVAL | |
http://secunia.com/advisories/50005 | third-party-advisory, x_refsource_SECUNIA | |
http://www.mandriva.com/security/advisories?name=MDVSA-2012:105 | vendor-advisory, x_refsource_MANDRIVA | |
http://rhn.redhat.com/errata/RHSA-2012-1102.html | vendor-advisory, x_refsource_REDHAT | |
http://hg.pidgin.im/pidgin/main/rev/ded93865ef42 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:12.074Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2012:0890", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/index.php?id=64" }, { "name": "oval:org.mitre.oval:def:17678", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17678" }, { "name": "50005", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50005" }, { "name": "MDVSA-2012:105", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:105" }, { "name": "RHSA-2012:1102", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1102.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/ded93865ef42" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-30T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SU-2012:0890", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/index.php?id=64" }, { "name": "oval:org.mitre.oval:def:17678", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17678" }, { "name": "50005", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50005" }, { "name": "MDVSA-2012:105", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:105" }, { "name": "RHSA-2012:1102", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1102.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/ded93865ef42" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-3374", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2012:0890", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00009.html" }, { "name": "http://www.pidgin.im/news/security/index.php?id=64", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/index.php?id=64" }, { "name": "oval:org.mitre.oval:def:17678", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17678" }, { "name": "50005", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50005" }, { "name": "MDVSA-2012:105", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:105" }, { "name": "RHSA-2012:1102", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1102.html" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/ded93865ef42", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/ded93865ef42" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3374", "datePublished": "2012-07-07T10:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:05:12.074Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-2640
Vulnerability from cvelistv5
Published
2018-07-27 18:00
Modified
2024-08-05 14:02
Severity: 7.5 HIGH (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H, from the record's cvssV3_0 metrics)
EPSS score ?
Summary
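An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process. Note: the record's structured "affected" field lists version 2.12.0 itself, which does not match "before 2.12.0" in this description; confirm the fixed version against the referenced vendor advisories before using either value for patch triage.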
References
URL | Tags | |
---|---|---|
https://security.gentoo.org/glsa/201706-10 | vendor-advisory, x_refsource_GENTOO | |
https://access.redhat.com/errata/RHSA-2017:1854 | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/96775 | vdb-entry, x_refsource_BID | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2640 | x_refsource_CONFIRM | |
https://www.debian.org/security/2017/dsa-3806 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:02:07.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201706-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201706-10" }, { "name": "RHSA-2017:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "name": "96775", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96775" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2640" }, { "name": "DSA-3806", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-3806" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.12.0" } ] } ], "datePublic": "2018-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-28T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "GLSA-201706-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201706-10" }, { "name": "RHSA-2017:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "name": "96775", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96775" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2640" }, { "name": "DSA-3806", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-3806" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-2640", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "pidgin", "version": { "version_data": [ { "version_value": "2.12.0" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process." 
} ] }, "impact": { "cvss": [ [ { "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201706-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201706-10" }, { "name": "RHSA-2017:1854", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "name": "96775", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96775" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2640", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2640" }, { "name": "DSA-3806", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3806" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-2640", "datePublished": "2018-07-27T18:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T14:02:07.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6481
Vulnerability from cvelistv5
Published
2014-02-06 16:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html | vendor-advisory, x_refsource_SUSE | |
https://rhn.redhat.com/errata/RHSA-2014-0139.html | vendor-advisory, x_refsource_REDHAT | |
http://www.pidgin.im/news/security/?id=74 | x_refsource_CONFIRM | |
http://www.debian.org/security/2014/dsa-2859 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html | vendor-advisory, x_refsource_SUSE | |
http://hg.pidgin.im/pidgin/main/rev/4d139ce8f7ec | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-2100-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.456Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=74" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/4d139ce8f7ec" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-07T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=74" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/4d139ce8f7ec" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6481", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0326", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "http://www.pidgin.im/news/security/?id=74", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=74" }, { "name": "DSA-2859", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/4d139ce8f7ec", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/4d139ce8f7ec" }, { "name": "USN-2100-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2100-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6481", "datePublished": "2014-02-06T16:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.456Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2374
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. A specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution. The record's "affected" field lists Pidgin 2.10.11.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/91335 | vdb-entry, x_refsource_BID | |
http://www.talosintelligence.com/reports/TALOS-2016-0142/ | x_refsource_MISC | |
http://www.debian.org/security/2016/dsa-3620 | vendor-advisory, x_refsource_DEBIAN | |
http://www.pidgin.im/news/security/?id=107 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201701-38 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3031-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0142/" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=107" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pidgin", "vendor": "Pidgin", "versions": [ { "status": "affected", "version": "2.10.11" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "out-of-bounds write", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-29T19:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "91335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91335" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0142/" }, { "name": "DSA-3620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=107" }, { "name": "GLSA-201701-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2374", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pidgin", "version": { "version_data": [ { "version_value": "2.10.11" } ] } } ] }, "vendor_name": "Pidgin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "out-of-bounds write" } ] } ] }, "references": { "reference_data": [ { "name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335" }, { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0142/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0142/" }, { "name": "DSA-3620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3620" }, { "name": "http://www.pidgin.im/news/security/?id=107", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=107" }, { "name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38" }, { "name": "USN-3031-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3031-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2374", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3694
Vulnerability from cvelistv5
Published
2014-10-29 10:00
Modified
2024-08-06 10:50
Severity ?
EPSS score ?
Summary
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References
URL | Tags | |
---|---|---|
http://pidgin.im/news/security/?id=86 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:1854 | vendor-advisory, x_refsource_REDHAT | |
http://hg.pidgin.im/pidgin/main/rev/2e4475087f04 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-2390-1 | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/60741 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2014/dsa-3055 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/61968 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:17.985Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=86" }, { "name": "RHSA-2017:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/2e4475087f04" }, { "name": "USN-2390-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "name": "openSUSE-SU-2014:1376", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "name": "60741", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60741" }, { "name": "DSA-3055", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3055" }, { "name": "openSUSE-SU-2014:1397", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "name": "61968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows 
man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=86" }, { "name": "RHSA-2017:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/2e4475087f04" }, { "name": "USN-2390-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "name": "openSUSE-SU-2014:1376", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "name": "60741", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60741" }, { "name": "DSA-3055", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3055" }, { "name": "openSUSE-SU-2014:1397", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "name": "61968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3694", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) bundled GnuTLS 
SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://pidgin.im/news/security/?id=86", "refsource": "CONFIRM", "url": "http://pidgin.im/news/security/?id=86" }, { "name": "RHSA-2017:1854", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/2e4475087f04", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/2e4475087f04" }, { "name": "USN-2390-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "name": "openSUSE-SU-2014:1376", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "name": "60741", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60741" }, { "name": "DSA-3055", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3055" }, { "name": "openSUSE-SU-2014:1397", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "name": "61968", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61968" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3694", "datePublished": "2014-10-29T10:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0271
Vulnerability from cvelistv5
Published
2013-02-16 21:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html | vendor-advisory, x_refsource_SUSE | |
http://www.ubuntu.com/usn/USN-1746-1 | vendor-advisory, x_refsource_UBUNTU | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18386 | vdb-entry, signature, x_refsource_OVAL | |
http://hg.pidgin.im/pidgin/main/rev/a8aef1d340f2 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html | vendor-advisory, x_refsource_SUSE | |
http://www.pidgin.im/news/security/?id=65 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:18:09.581Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2013:0388", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "name": "USN-1746-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "name": "oval:org.mitre.oval:def:18386", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.pidgin.im/pidgin/main/rev/a8aef1d340f2" }, { "name": "openSUSE-SU-2013:0405", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=65" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SU-2013:0388", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "name": "USN-1746-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "name": "oval:org.mitre.oval:def:18386", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.pidgin.im/pidgin/main/rev/a8aef1d340f2" }, { "name": "openSUSE-SU-2013:0405", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=65" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0271", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2013:0388", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "name": "USN-1746-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "name": "oval:org.mitre.oval:def:18386", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18386" }, { "name": "http://hg.pidgin.im/pidgin/main/rev/a8aef1d340f2", "refsource": "CONFIRM", "url": "http://hg.pidgin.im/pidgin/main/rev/a8aef1d340f2" }, { "name": "openSUSE-SU-2013:0405", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "name": "http://www.pidgin.im/news/security/?id=65", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=65" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0271", "datePublished": "2013-02-16T21:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.581Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6482
Vulnerability from cvelistv5
Published
2014-02-06 16:00
Modified
2024-08-06 17:39
Summary
Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html | vendor-advisory, x_refsource_SUSE | |
https://rhn.redhat.com/errata/RHSA-2014-0139.html | vendor-advisory, x_refsource_REDHAT | |
http://www.pidgin.im/news/security/?id=75 | x_refsource_CONFIRM | |
http://www.debian.org/security/2014/dsa-2859 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html | vendor-advisory, x_refsource_SUSE | |
http://www.pidgin.im/news/security/?id=76 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-2100-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.pidgin.im/news/security/?id=77 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.359Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=75" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=76" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pidgin.im/news/security/?id=77" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-07T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2014:0326", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=75" }, { "name": "DSA-2859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=76" }, { "name": "USN-2100-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pidgin.im/news/security/?id=77" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6482", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0326", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "name": "RHSA-2014:0139", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "name": "http://www.pidgin.im/news/security/?id=75", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=75" }, { "name": "DSA-2859", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "name": "openSUSE-SU-2014:0239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "name": "http://www.pidgin.im/news/security/?id=76", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=76" }, { "name": "USN-2100-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "name": "http://www.pidgin.im/news/security/?id=77", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=77" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6482", "datePublished": "2014-02-06T16:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0420
Vulnerability from cvelistv5
Published
2010-02-24 18:00
Modified
2024-08-07 00:45
Summary
libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:45:12.272Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2010-1279", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html" }, { "name": "38294", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38294" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565786" }, { "name": "RHSA-2010:0115", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0115.html" }, { "name": "ADV-2010-0413", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0413" }, { "name": "38563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38563" }, { "name": "MDVSA-2010:085", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "name": "USN-902-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-902-1" }, { "name": "38640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38640" }, { "name": "ADV-2010-0914", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0914" }, { "name": "38658", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38658" }, { "name": "oval:org.mitre.oval:def:18230", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18230" }, { "name": "FEDORA-2010-1934", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html" }, { "name": "ADV-2010-1020", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "name": "SUSE-SR:2010:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "name": "FEDORA-2010-1383", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html" }, { "name": "62439", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/62439" }, { "name": "DSA-2038", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2038" }, { "name": "38712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38712" }, { "name": "pidgin-xmpp-nickname-dos(56399)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56399" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pidgin.im/news/security/?id=44" }, { "name": "39509", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39509" }, { "name": "oval:org.mitre.oval:def:11485", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11485" }, { "name": "MDVSA-2010:041", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:041" }, { "name": "38915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38915" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing \u003cbr\u003e sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2010-1279", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html" }, { "name": "38294", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38294" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565786" }, { "name": "RHSA-2010:0115", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0115.html" }, { "name": "ADV-2010-0413", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0413" }, { "name": "38563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38563" }, { "name": "MDVSA-2010:085", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "name": "USN-902-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-902-1" }, { "name": "38640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38640" }, { "name": "ADV-2010-0914", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0914" }, { "name": "38658", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38658" }, { "name": "oval:org.mitre.oval:def:18230", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18230" }, { "name": "FEDORA-2010-1934", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html" }, { "name": "ADV-2010-1020", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "name": "SUSE-SR:2010:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "name": "FEDORA-2010-1383", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html" }, { "name": "62439", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/62439" }, { "name": "DSA-2038", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2038" }, { "name": "38712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38712" }, { "name": "pidgin-xmpp-nickname-dos(56399)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56399" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "http://pidgin.im/news/security/?id=44" }, { "name": "39509", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39509" }, { "name": "oval:org.mitre.oval:def:11485", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11485" }, { "name": "MDVSA-2010:041", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:041" }, { "name": "38915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38915" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0420", "datePublished": "2010-02-24T18:00:00", "dateReserved": "2010-01-27T00:00:00", "dateUpdated": "2024-08-07T00:45:12.272Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2011-01-07 12:00
Modified
2024-11-21 01:21
Summary
directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | libpurple | 2.7.6 | |
pidgin | libpurple | 2.7.7 | |
pidgin | libpurple | 2.7.8 | |
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.4 | |
pidgin | pidgin | 2.6.5 | |
pidgin | pidgin | 2.6.6 | |
pidgin | pidgin | 2.7.0 | |
pidgin | pidgin | 2.7.1 | |
pidgin | pidgin | 2.7.2 | |
pidgin | pidgin | 2.7.3 | |
pidgin | pidgin | 2.7.4 | |
pidgin | pidgin | 2.7.5 | |
pidgin | pidgin | 2.7.6 | |
pidgin | pidgin | 2.7.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:libpurple:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "4CFA8CD4-6108-4B3D-AE8D-482C693F26A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "44E0283D-9A97-4C4C-A11A-BD102D60CCB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "56E61E91-D2B9-46CE-A8E9-F17F7CF4B66F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8C29209-30B7-42E8-AD54-F6AF2CB6A68A", "versionEndIncluding": "2.7.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session." }, { "lang": "es", "value": "directconn.c en el plugin del protocolo de MSN en libpurple v2.7.6 hasta y 2.7.8 a trav\u00e9s de Pidgin anteriores a v2.7.9 que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (desreferencia a un puntero NULL y bloqueo de la aplicaci\u00f3n) a trav\u00e9s de un paquete corto p2pv2 en una sesi\u00f3n DirectConnect (tambi\u00e9n conocido como conexi\u00f3n directa)." } ], "id": "CVE-2010-4528", "lastModified": "2024-11-21T01:21:08.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-01-07T12:00:49.577", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031" 
}, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052862.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052905.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://pidgin.im/pipermail/support/2010-December/009251.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42732" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42824" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/42877" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:259" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2010/12/27/1" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2010/12/31/5" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=49" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/45581" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0028" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0054" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=665421" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18461" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052862.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052905.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://pidgin.im/pipermail/support/2010-December/009251.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42824" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42877" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2010/12/27/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2010/12/31/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/45581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=665421" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18461" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2008-2927
Vulnerability from fkie_nvd
Published
2008-07-07 23:41
Modified
2024-11-21 00:48
Severity
MEDIUM (CVSS v2 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
adium | adium | * | |
adium | adium | 1.0 | |
adium | adium | 1.0.1 | |
adium | adium | 1.0.2 | |
adium | adium | 1.0.3 | |
adium | adium | 1.0.4 | |
adium | adium | 1.0.5 | |
adium | adium | 1.1 | |
adium | adium | 1.1.1 | |
adium | adium | 1.1.2 | |
adium | adium | 1.1.3 | |
adium | adium | 1.1.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "E488E097-EF23-40A0-AF31-489F318D1405", "versionEndIncluding": "2.4.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:a:adium:adium:*:*:*:*:*:*:*:*", "matchCriteriaId": "29A4013B-81F3-4AB0-8AB9-0A473A2AAD45", "versionEndIncluding": "1.2.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D44D7E-116F-488C-8566-F7EA78C847FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E8857D0-14C2-49F6-AE8F-287792895776", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56022448-6CEE-4DE9-BC5D-F3F401470257", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B9D4A6BA-AB30-4EFA-BF5E-9212CBF6B141", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B33448B4-31F3-434F-96D4-934D65BF65FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "ED8C3F99-1E0C-4FDB-8E76-46CF6CBBA7B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7B851E0-5D86-4D7F-A1AD-903ADA6A2C52", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6B6DEA45-1C3C-432E-9746-F1C548C8E8AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EEE2A0AA-BD45-4A8B-BB3C-D69BFDC7E363", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2D6A1C31-EA56-406F-AE65-10F838E4292B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "7223E59A-FA39-4D8A-A48D-1ACCF0454703", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin 
before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955." }, { "lang": "es", "value": "M\u00faltiples desbordamiento de enteros en las funciones msn_slplink_process_msg en el manejador de protocolo MSN en los archivos (1) libpurple/protocols/msn/slplink.c y (2) libpurple/protocols/msnp9/slplink.c en Pidgin anterior a versi\u00f3n 2.4.3 y Adium anterior a versi\u00f3n 1.3, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un mensaje SLP malformado con un valor de desplazamiento dise\u00f1ado, una vulnerabilidad diferente de CVE-2008-2955." } ], "id": "CVE-2008-2927", "lastModified": "2024-11-21T00:48:01.913", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-07-07T23:41:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c" }, { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30971" }, { "source": "secalert@redhat.com", 
"tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31016" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31105" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31387" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31642" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32859" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32861" }, { "source": "secalert@redhat.com", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1610" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:143" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:127" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/07/03/6" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/07/04/1" }, { "source": "secalert@redhat.com", "url": "http://www.pidgin.im/news/security/?id=25" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0584.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/493682" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/495818/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/29956" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1020451" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "source": 
"secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-675-2" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/2032/references" }, { "source": "secalert@redhat.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-054" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=453764" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44774" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-2647" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/31642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32861" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1610" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/07/03/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/07/04/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.pidgin.im/news/security/?id=25" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0584.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/493682" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/495818/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-675-2" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/2032/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=453764" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-2647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2013-6486
Vulnerability from fkie_nvd
Published
2014-02-06 16:10
Modified
2024-11-21 01:59
Severity
HIGH (CVSS v2 base score 9.3, AV:N/AC:M/Au:N/C:C/I:C/A:C; user interaction required)
Summary
gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "1566CF06-79F8-4293-87C4-419C35A85BF0", "versionEndIncluding": "2.10.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185." }, { "lang": "es", "value": "gtkutils.c en Pidgin anterior a 2.10.8 en Windows permite a atacantes remotos asistidos por usuario ejecutar programas arbitrarios a trav\u00e9s de un mensaje que contenga un archivo: URL que no es manejada debidamente durante la construcci\u00f3n de un comando de explorer.exe. NOTA: esta vulnerabilidad existe debido a una correci\u00f3n incompleta para CVE-2011-3185." } ], "id": "CVE-2013-6486", "lastModified": "2024-11-21T01:59:19.417", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-02-06T16:10:58.857", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/b2571530fa8b" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=81" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/65189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/b2571530fa8b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=81" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65189" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2016-2376
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:48
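Severity
HIGH (CVSS v3.0 base score 8.1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H); MEDIUM (CVSS v2 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P)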
Summary
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet which will trigger a buffer overflow.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet which will trigger a buffer overflow." }, { "lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados desde el servidor podr\u00edan resultar potencialmente en ejecuci\u00f3n de c\u00f3digo arbitrario. Un servidor malicioso o un atacante que intercepte el tr\u00e1fico red puede enviar un tama\u00f1o inv\u00e1lido para un paquete que desencadenar\u00e1 un desbordamiento de b\u00fafer." 
} ], "id": "CVE-2016-2376", "lastModified": "2024-11-21T02:48:20.297", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:00.977", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=92" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0118/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=92" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0118/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2014-3697
Vulnerability from fkie_nvd
Published
2014-10-29 10:55
Modified
2024-11-21 02:08
Severity
MEDIUM (CVSS v2 base score 6.4, AV:N/AC:L/Au:N/C:N/I:P/A:P)
Summary
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FA30C55-F54F-481A-BD32-778708E475C5", "versionEndIncluding": "2.10.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "390887A5-9CC8-40B7-A7FD-E6D920BFCCF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.8:*:*:*:*:*:*:*", "matchCriteriaId": "2C86FC11-74EB-4881-8C58-844B44A7BD7C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme." 
}, { "lang": "es", "value": "Vulnerabilidad de salto de ruta absoluta en la funci\u00f3n untar_block en win32/untar.c en Pidgin anterior a 2.10.10 en Windows permite a atacantes remotos escribir a ficheros arbitrarios a trav\u00e9s de un nombre drive en un archivo tar de un tema smiley." } ], "id": "CVE-2014-3697", "lastModified": "2024-11-21T02:08:40.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-29T10:55:04.447", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://hg.pidgin.im/pidgin/main/rev/68b8eb10977f" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=89" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://hg.pidgin.im/pidgin/main/rev/68b8eb10977f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=89" } ], 
"sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:48
Severity ?
Summary
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read." }, { "lang": "es", "value": "Existe una fuga de informaci\u00f3n en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados al servidor podr\u00edan resultar potencialmente en una lectura fuera de l\u00edmites. Un usuario podr\u00eda ser convencido para introducir una cadena particular que podr\u00eda entonces ser convertida de forma incorrecta y conducir a una potencial lectura fuera de l\u00edmites." 
} ], "id": "CVE-2016-2380", "lastModified": "2024-11-21T02:48:21.043", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:01.103", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=96" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0123/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://www.debian.org/security/2016/dsa-3620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=96" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0123/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" }, { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-06 16:10
Modified
2024-11-21 01:59
Severity ?
Summary
util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "1566CF06-79F8-4293-87C4-419C35A85BF0", "versionEndIncluding": "2.10.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a 
crafted response." }, { "lang": "es", "value": "util.c en libpurple en Pidgin anterior a 2.10.8 no reserva correctamente la memoria para las respuestas HTTP que son inconsistentes con la cabecera Content-Length, lo que permite a servidores HTTP remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una respuesta manipulada." } ], "id": "CVE-2013-6479", "lastModified": "2024-11-21T01:59:18.570", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-06T16:10:58.657", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/cd529e1158d3" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=73" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/cd529e1158d3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=73" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-09-08 18:30
Modified
2024-11-21 01:05
Severity ?
Summary
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | libpurple | * | |
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:libpurple:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD5DB51C-9FD1-41CB-AAFD-5F6A072C3F82", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B6B929B-1F85-4584-AA92-5B30BE110D4F", "versionEndIncluding": "2.6.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*", "matchCriteriaId": "5C5B2A50-6734-4B64-AFD0-DB34C3BDA86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:32_bit:*:*:*:*:*:*", "matchCriteriaId": "A7D1DFC7-4B7F-4006-9058-8335A292821E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:32_bit:*:*:*:*:*:*", "matchCriteriaId": "12095F49-8DFD-4C74-9454-5C3A5992A3FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:32_bit:*:*:*:*:*:*", "matchCriteriaId": "C62110B5-61D7-406D-B1A5-65AEC202DDFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:32_bit:*:*:*:*:*:*", "matchCriteriaId": "CD01B8C6-7D3E-4FF9-A5B5-AAF33F4CEBB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:32_bit:*:*:*:*:*:*", "matchCriteriaId": "AD6D98DC-06FC-46E7-A790-98A0B43A4E8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:32_bit:*:*:*:*:*:*", "matchCriteriaId": "3FEE4F73-A426-4B47-8BAF-1C7D2F955850", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:32_bit:*:*:*:*:*:*", "matchCriteriaId": "777EF35C-195A-4784-986D-3811CF1DCF16", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:32_bit:*:*:*:*:*:*", "matchCriteriaId": "F2DD21F1-7A08-4F2D-B8EA-C02771E960FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:32_bit:*:*:*:*:*:*", "matchCriteriaId": "01256F83-6E67-409A-B99A-6E27E83DA05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string." 
}, { "lang": "es", "value": "libpurple/protocols/irc/msgs.c en el complemento (plugin) de protocolo IRC de libpurple en Pidgin anterior a 2.6.2 permite a servidores IRC remotos causar una denegaci\u00f3n de servicio (desreferencia a puntero NULL y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un mensaje TOPIC que carece de una cadena de asunto." } ], "id": "CVE-2009-2703", "lastModified": "2024-11-21T01:05:33.583", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-09-08T18:30:00.297", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36601" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/index.php?id=40" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36277" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/index.php?id=40" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-06 16:10
Modified
2024-11-21 01:59
Severity ?
Summary
Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "1566CF06-79F8-4293-87C4-419C35A85BF0", "versionEndIncluding": "2.10.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding 
data." }, { "lang": "es", "value": "Desbordamiento de buffer en util.c en libpurple en Pidgin anterior a 2.10.8 permite a servidores HTTP remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente tener otro impacto no especificado a trav\u00e9s del campo de tama\u00f1o de fragmento en datos de codificaci\u00f3n de transferencia truncados." } ], "id": "CVE-2013-6485", "lastModified": "2024-11-21T01:59:19.300", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-06T16:10:58.827", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=80" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/65243" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=80" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-08-31 20:30
Modified
2024-11-21 01:06
Summary
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the \"require TLS/SSL\" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions." }, { "lang": "es", "value": "protocols/jabber/auth.c en libpurple en Pidgin v2.6.0, y posiblemente otras versiones, no siguen las preferencias \"requeridas en TLS/SSL\" cuando se conectan a un servidor Jabber viejo, que no siguen las especificaciones XMPP, lo que provoca que libpurple se conecte al servidor sin el cifrado esperado y permita a atacantes remotos poder espiar la sesi\u00f3n." 
} ], "id": "CVE-2009-3026", "lastModified": "2024-11-21T01:06:20.417", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-08-31T20:30:01.140", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891" }, { "source": "cve@mitre.org", "url": "http://developer.pidgin.im/ticket/8131" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/37071" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/08/24/2" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36368" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53000" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/ticket/8131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], 
"url": "http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/08/24/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat has released updates to correct this issue:\nhttps://rhn.redhat.com/errata/RHSA-2009-1453.html", "lastModified": "2009-09-22T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-09-08 18:30
Modified
2024-11-21 01:06
Summary
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | libpurple | 2.6.0 | |
pidgin | libpurple | 2.6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B6B929B-1F85-4584-AA92-5B30BE110D4F", "versionEndIncluding": "2.6.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*", "matchCriteriaId": "5C5B2A50-6734-4B64-AFD0-DB34C3BDA86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:32_bit:*:*:*:*:*:*", 
"matchCriteriaId": "A7D1DFC7-4B7F-4006-9058-8335A292821E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:32_bit:*:*:*:*:*:*", "matchCriteriaId": "12095F49-8DFD-4C74-9454-5C3A5992A3FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:32_bit:*:*:*:*:*:*", "matchCriteriaId": "C62110B5-61D7-406D-B1A5-65AEC202DDFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:32_bit:*:*:*:*:*:*", "matchCriteriaId": "CD01B8C6-7D3E-4FF9-A5B5-AAF33F4CEBB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:32_bit:*:*:*:*:*:*", "matchCriteriaId": "AD6D98DC-06FC-46E7-A790-98A0B43A4E8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:32_bit:*:*:*:*:*:*", "matchCriteriaId": "3FEE4F73-A426-4B47-8BAF-1C7D2F955850", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:32_bit:*:*:*:*:*:*", "matchCriteriaId": "777EF35C-195A-4784-986D-3811CF1DCF16", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:32_bit:*:*:*:*:*:*", "matchCriteriaId": "F2DD21F1-7A08-4F2D-B8EA-C02771E960FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:32_bit:*:*:*:*:*:*", "matchCriteriaId": "01256F83-6E67-409A-B99A-6E27E83DA05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:libpurple:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E8CE5BE-03B4-4556-8ADE-6E645AD211F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "78BDC1AE-C390-42D5-A0EF-80A59C350F5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka 
Ink) message, related to an uninitialized variable and the incorrect \"UTF16-LE\" charset name." }, { "lang": "es", "value": "La funci\u00f3n msn_slp_process_msg de libpurple/protocols/msn/slpcall.c en el conector de protocolo MSN de libpurple v2.6.0 y v2.6.1, como se ha utilizado en Pidgin anterior a v2.6.2; permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un mensaje manuscrito (tambi\u00e9n llamado Tinta). Est\u00e1 relacionado con una variable no iniciada y el nombre del conjunto de caracteres \"UTF16-LE\" incorrecto." } ], "id": "CVE-2009-3084", "lastModified": "2024-11-21T01:06:30.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-09-08T18:30:00.377", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36601" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/index.php?id=38" }, { "source": "cve@mitre.org", 
"url": "http://www.securityfocus.com/bid/36277" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/index.php?id=38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of Pidgin packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5.", "lastModified": "2009-09-10T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-06 17:00
Modified
2024-11-21 01:59
Summary
Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.10.0 | |
pidgin | pidgin | 2.10.1 | |
pidgin | pidgin | 2.10.2 | |
pidgin | pidgin | 2.10.3 | |
pidgin | pidgin | 2.10.4 | |
pidgin | pidgin | 2.10.5 | |
pidgin | pidgin | 2.10.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "1566CF06-79F8-4293-87C4-419C35A85BF0", "versionEndIncluding": "2.10.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*", "matchCriteriaId": "5C5B2A50-6734-4B64-AFD0-DB34C3BDA86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", 
"matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow." }, { "lang": "es", "value": "Desbordamiento de entero en libpurple/protocols/gg/lib/http.c en el analizador Gadu-Gadu (gg) en Pidgin anterior a 2.10.8 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de un valor Content-Length largo, lo que provoca un desbordamiento de buffer." } ], "id": "CVE-2013-6487", "lastModified": "2024-11-21T01:59:19.533", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-06T17:00:05.650", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0074.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://hg.pidgin.im/pidgin/main/rev/ec15aa187aa0" }, { "source": "secalert@redhat.com", "url": "http://libgadu.net/releases/1.11.3.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128277.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": 
"secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "secalert@redhat.com", "url": "http://vrt-blog.snort.org/2014/01/vrt-2013-1001-cve-2013-6487-buffer.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2852" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:039" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=82" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/65188" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2101-1" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201508-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0074.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://hg.pidgin.im/pidgin/main/rev/ec15aa187aa0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libgadu.net/releases/1.11.3.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128277.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://vrt-blog.snort.org/2014/01/vrt-2013-1001-cve-2013-6487-buffer.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=82" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2101-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201508-02" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-16 21:55
Modified
2024-11-21 01:47
Summary
Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B94ED22-0FD0-4A51-887F-8A100C750567", "versionEndIncluding": "2.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en http.c en el plugin de protocolo MXit en libpurple en Pidgin anteiror a v2.10.7 permite a servidores remotos ejecutar c\u00f3digo mediante un header HTTP de gran longitud." 
} ], "id": "CVE-2013-0272", "lastModified": "2024-11-21T01:47:12.347", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-16T21:55:02.153", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/879db2a9a59c" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=66" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57951" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/879db2a9a59c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=66" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/57951" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17474" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:48
Severity ?
Summary
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service, or in data being copied from memory to the file, resulting in an information leak if the avatar is sent to another user.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user." }, { "lang": "es", "value": "Existe una fuga de informaci\u00f3n en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a trav\u00e9s del servidor podr\u00edan resultar potencialmente en una lectura fuera de l\u00edmites. Un usuario, servidor o man-in-the-middle malicioso puede enviar un tama\u00f1o inv\u00e1lido para un avatar que desencadenar\u00e1 una vulnerabilidad de lectura fuera de l\u00edmites. 
Esto podr\u00eda resultar en una denegaci\u00f3n de servicio o copia de datos desde la memoria al archivo, resultando en una fuga de informaci\u00f3n si el avatar es enviado a otro usuario." } ], "id": "CVE-2016-2367", "lastModified": "2024-11-21T02:48:18.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:00.603", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=100" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0135/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": 
"http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0135/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" }, { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-02 14:15
Modified
2024-11-21 06:54
Severity ?
Summary
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take control of the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "14E1E9A0-5FEF-438A-A0CC-3889088C6DCA", "versionEndExcluding": "2.14.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968." }, { "lang": "es", "value": "Se ha detectado un problema en Pidgin versiones anteriores a 2.14.9. Un atacante remoto que puede falsificar las respuestas DNS puede redirigir una conexi\u00f3n de cliente a un servidor malicioso. El cliente llevar\u00e1 a cabo la verificaci\u00f3n del certificado TLS del nombre de dominio malicioso en lugar del dominio original del servicio XMPP, permitiendo al atacante tomar el control de la conexi\u00f3n XMPP y obtener las credenciales del usuario y todo el contenido de la comunicaci\u00f3n. 
Esto es similar a CVE-2022-24968" } ], "id": "CVE-2022-26491", "lastModified": "2024-11-21T06:54:02.903", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-02T14:15:40.953", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://developer.pidgin.im/wiki/FullChangeLog" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/xsf/xeps/pull/1158" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://keep.imfreedom.org/pidgin/pidgin/rev/13cdb7956bdc" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00005.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://mail.jabber.org/pipermail/standards/2022-February/038759.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor 
Advisory" ], "url": "https://pidgin.im/about/security/advisories/cve-2022-26491/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://developer.pidgin.im/wiki/FullChangeLog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/xsf/xeps/pull/1158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://keep.imfreedom.org/pidgin/pidgin/rev/13cdb7956bdc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://mail.jabber.org/pipermail/standards/2022-February/038759.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://pidgin.im/about/security/advisories/cve-2022-26491/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-07-01 22:41
Modified
2024-11-21 00:48
Severity ?
Summary
Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details."
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "secalert@redhat.com", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: \"I was never able to identify a scenario under which a problem occurred and the original reporter wasn\u0027t able to supply any sort of reproduction details.\"" }, { "lang": "es", "value": "** DISPUTED ** Fuga de memoria en Pidgin 2.0.0 y posiblemente otras versiones, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s documentos XML malformados. NOTA: este problema ha sido disputado por el proveedor original, que dice: \u0027Nunca he podido identificar un escenario en que problema ocurri\u00f3 y el investigador original no pudo suministrar cualquier tipo de detalles de la reproducci\u00f3n.\u0027" } ], "id": "CVE-2008-2956", "lastModified": "2024-11-21T00:48:06.210", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-07-01T22:41:00.000", "references": [ { "source": "secalert@redhat.com", 
"url": "http://crisp.cs.du.edu/?q=ca2007-1" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31387" }, { "source": "secalert@redhat.com", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/06/27/3" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/29985" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-2647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://crisp.cs.du.edu/?q=ca2007-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/06/27/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-2647" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:48
Severity ?
Summary
Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure." }, { "lang": "es", "value": "Existen m\u00faltiples vulnerabilidades de corrupci\u00f3n de memoria en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a trav\u00e9s del servidor podr\u00edan resultar en m\u00faltiples desbordamientos de b\u00fafer, resultando potencialmente en ejecuci\u00f3n de c\u00f3digo o divulgaci\u00f3n de memoria." 
} ], "id": "CVE-2016-2368", "lastModified": "2024-11-21T02:48:18.583", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:00.650", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=101" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0136/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0136/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:48
Severity ?
Summary
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability." }, { "lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en el manejo del protocolo MXIT en Pidgin. Datos especialmente manipulados enviados a trav\u00e9s del servidor podr\u00edan resultar potencialmente en un desbordamiento de b\u00fafer, potencialmente resultando en corrupci\u00f3n de memoria. Un servidor malicioso o un usuario malicioso no filtrado pueden enviar valores de longitud negativa para desencadenar esta vulnerabilidad." 
} ], "id": "CVE-2016-2378", "lastModified": "2024-11-21T02:48:20.817", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:01.057", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=94" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0120/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=94" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0120/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-06 17:00
Modified
2024-11-21 01:59
Summary
Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "1566CF06-79F8-4293-87C4-419C35A85BF0", "versionEndIncluding": "2.10.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header." 
}, { "lang": "es", "value": "Pidgin anterior a 2.10.8 permite a servidores MSN remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda) a trav\u00e9s de (1) una respuesta SOAP, (2) respuesta OIM XML o (3) cabecera Content-Length manipuladas." } ], "id": "CVE-2013-6482", "lastModified": "2024-11-21T01:59:18.930", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-06T17:00:05.417", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=75" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=76" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=77" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=75" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=76" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=77" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-09-08 18:30
Modified
2024-11-21 01:06
Summary
The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | libpurple | * | |
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:libpurple:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD5DB51C-9FD1-41CB-AAFD-5F6A072C3F82", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B6B929B-1F85-4584-AA92-5B30BE110D4F", "versionEndIncluding": "2.6.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*", "matchCriteriaId": "5C5B2A50-6734-4B64-AFD0-DB34C3BDA86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:32_bit:*:*:*:*:*:*", "matchCriteriaId": "A7D1DFC7-4B7F-4006-9058-8335A292821E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:32_bit:*:*:*:*:*:*", "matchCriteriaId": "12095F49-8DFD-4C74-9454-5C3A5992A3FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:32_bit:*:*:*:*:*:*", "matchCriteriaId": "C62110B5-61D7-406D-B1A5-65AEC202DDFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:32_bit:*:*:*:*:*:*", "matchCriteriaId": "CD01B8C6-7D3E-4FF9-A5B5-AAF33F4CEBB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:32_bit:*:*:*:*:*:*", "matchCriteriaId": "AD6D98DC-06FC-46E7-A790-98A0B43A4E8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:32_bit:*:*:*:*:*:*", "matchCriteriaId": "3FEE4F73-A426-4B47-8BAF-1C7D2F955850", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:32_bit:*:*:*:*:*:*", "matchCriteriaId": "777EF35C-195A-4784-986D-3811CF1DCF16", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:32_bit:*:*:*:*:*:*", "matchCriteriaId": "F2DD21F1-7A08-4F2D-B8EA-C02771E960FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:32_bit:*:*:*:*:*:*", "matchCriteriaId": "01256F83-6E67-409A-B99A-6E27E83DA05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client." 
}, { "lang": "es", "value": "La funci\u00f3n msn_slp_sip_recv de libpurple/protocols/msn/slp.c en el \"plugin\" (complemento) del protocolo MSN de libpurple de Pidgin en sus versiones anteriores a la v2.6.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (resoluci\u00f3n de una referencia a puntero NULL y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un mensaje SLP invite que carece de determinados campos obligatorios, tal como se ha demostrado con un mensaje mal formado desde un cliente KMess." } ], "id": "CVE-2009-3083", "lastModified": "2024-11-21T01:06:29.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-09-08T18:30:00.360", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://developer.pidgin.im/ticket/10159" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36601" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www.pidgin.im/news/security/index.php?id=39" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36277" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://developer.pidgin.im/ticket/10159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/index.php?id=39" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:48
Summary
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability." }, { "lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados desde el servidor podr\u00edan resultar potencialmente en una lectura fuera de l\u00edmites. Un servidor malicioso o un atacante man-in-the-middle puede enviar datos no v\u00e1lidos para desencadenar esta vulnerabilidad." 
} ], "id": "CVE-2016-2370", "lastModified": "2024-11-21T02:48:18.833", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:00.727", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=103" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0138/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0138/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-07-01 22:41
Modified
2024-11-21 00:48
Summary
Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function." }, { "lang": "es", "value": "Pidgin 2.4.1, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un nombre de fichero largo que contiene ciertos caracteres, como se ha demostrado mediante un mensaje MSN que provocaba la ca\u00edda en la funci\u00f3n msn_slplink_process_msg." } ], "id": "CVE-2008-2955", "lastModified": "2024-11-21T00:48:06.097", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-07-01T22:41:00.000", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30881" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32859" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33102" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/3966" }, { "source": "secalert@redhat.com", "url": 
"http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:025" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-1023.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/493682/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/29985" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1947" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10131" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-1023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/493682/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29985" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18050" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-6478)
Published
2014-02-06 16:10
Modified
2024-11-21 01:59
Severity
MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:N/A:P)
Summary
gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "1566CF06-79F8-4293-87C4-419C35A85BF0", "versionEndIncluding": "2.10.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined 
with a tooltip." }, { "lang": "es", "value": "gtkimhtml.c en Pidgin anterior a 2.10.8 no interactua debidamente con la librer\u00eda subyacente de soporte para un amplio n\u00famero de dise\u00f1os de Pango, lo que permite a atacantes remotos asistidos por usuario causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una URL larga que es examinada con una \"tooltip\"." } ], "id": "CVE-2013-6478", "lastModified": "2024-11-21T01:59:18.443", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-02-06T16:10:58.577", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/2bb66ef1475e" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=72" }, { "source": "secalert@redhat.com", "url": "http://pidgin.im/pipermail/support/2013-March/012980.html" }, { "source": "secalert@redhat.com", "url": "http://pidgin.im/pipermail/support/2013-March/012981.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "secalert@redhat.com", "url": 
"https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/2bb66ef1475e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=72" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pidgin.im/pipermail/support/2013-March/012980.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pidgin.im/pipermail/support/2013-March/012981.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-6489)
Published
2014-02-06 17:00
Modified
2024-11-21 01:59
Severity
MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "1566CF06-79F8-4293-87C4-419C35A85BF0", "versionEndIncluding": "2.10.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow." 
}, { "lang": "es", "value": "Error de signo de enteros en la funcionalidad MXit en Pidgin anterior a 2.10.8 permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) a trav\u00e9s de un valor manipulado de emoticono, lo que provoca un desbordamiento de entero y desbordamiento de buffer." } ], "id": "CVE-2013-6489", "lastModified": "2024-11-21T01:59:19.680", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-06T17:00:05.867", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/4c897372b5a4" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=83" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/65192" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/4c897372b5a4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=83" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-3696)
Published
2014-10-29 10:55
Modified
2024-11-21 02:08
Severity
MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FA30C55-F54F-481A-BD32-778708E475C5", "versionEndIncluding": "2.10.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "390887A5-9CC8-40B7-A7FD-E6D920BFCCF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.8:*:*:*:*:*:*:*", "matchCriteriaId": "2C86FC11-74EB-4881-8C58-844B44A7BD7C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation." 
}, { "lang": "es", "value": "nmevent.c en el plugin del protocolo Novell GroupWise en libpurple en Pidgin anterior a 2.10.10 permite a servidores remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un mensaje del servidor manipulado que provoca una reserva grande de memoria." } ], "id": "CVE-2014-3696", "lastModified": "2024-11-21T02:08:40.383", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-29T10:55:04.400", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://hg.pidgin.im/pidgin/main/rev/44fd89158777" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=88" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60741" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61968" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3055" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], 
"url": "http://hg.pidgin.im/pidgin/main/rev/44fd89158777" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=88" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60741" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1854" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-12-17 03:54
Modified
2024-11-21 01:32
Severity ?
Summary
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.3 | |
pidgin | pidgin | 2.6.4 | |
pidgin | pidgin | 2.6.5 | |
pidgin | pidgin | 2.6.6 | |
pidgin | pidgin | 2.7.1 | |
pidgin | pidgin | 2.7.2 | |
pidgin | pidgin | 2.7.3 | |
pidgin | pidgin | 2.7.4 | |
pidgin | pidgin | 2.7.5 | |
pidgin | pidgin | 2.7.6 | |
pidgin | pidgin | 2.7.7 | |
pidgin | pidgin | 2.7.8 | |
pidgin | pidgin | 2.7.9 | |
pidgin | pidgin | 2.7.10 | |
pidgin | pidgin | 2.7.11 | |
pidgin | pidgin | 2.8.0 | |
pidgin | pidgin | 2.9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "4165F070-EF4D-4CD3-A6EC-5CB96CE9B222", "versionEndIncluding": "2.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594." }, { "lang": "es", "value": "La funci\u00f3n silc_channel_message de ops.c del complemento del protocolo SILC de libpurple de Pidgin en versiones anteriores 2.10.1 no realiza la validaci\u00f3n prevista UTF-8 en los datos del mensaje, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un mensaje modificado. Una vulnerabilidad distinta a la CVE-2011-3594." 
} ], "id": "CVE-2011-4603", "lastModified": "2024-11-21T01:32:38.577", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-12-17T03:54:46.120", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c" }, { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/47234" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=59" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/51074" }, { "source": "secalert@redhat.com", "url": "https://hermes.opensuse.org/messages/13195955" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/47234" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=59" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/13195955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2009-1889)
Published
2009-07-01 13:00
Modified
2024-11-21 01:03
Severity
MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P; source nvd@nist.gov)
Summary
The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * (up to and including 2.5.7) | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.0.2 (CPE edition: linux) | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.3 (CPE update: 32_bit) | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.4 (CPE update: 32_bit) | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.5 (CPE update: 32_bit) | |
pidgin | pidgin | 2.5.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B3467B6-656E-4749-B70B-820049084F44", "versionEndIncluding": "2.5.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*", "matchCriteriaId": "5C5B2A50-6734-4B64-AFD0-DB34C3BDA86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:32_bit:*:*:*:*:*:*", "matchCriteriaId": "777EF35C-195A-4784-986D-3811CF1DCF16", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:32_bit:*:*:*:*:*:*", "matchCriteriaId": "F2DD21F1-7A08-4F2D-B8EA-C02771E960FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:32_bit:*:*:*:*:*:*", "matchCriteriaId": "01256F83-6E67-409A-B99A-6E27E83DA05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage 
message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory." }, { "lang": "es", "value": "La implementaci\u00f3n del protocolo OSCAR en Pidgin anterior a v2.5.8 no interpreta el tipo de mensaje ICQWebMessage como tipo ICQSMS, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un mensaje web ICQ manipulado que lanza una asignaci\u00f3n de una gran cantidad de memoria." } ], "id": "CVE-2009-1889", "lastModified": "2024-11-21T01:03:37.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-07-01T13:00:01.390", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://developer.pidgin.im/ticket/9483" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://pidgin.im/pipermail/devel/2009-May/008227.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35693" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35697" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35706" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37071" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-1139.html" }, { "source": 
"secalert@redhat.com", "url": "http://www.securityfocus.com/bid/35530" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-796-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/1749" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=508738" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51448" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10004" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00162.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00176.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00228.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://developer.pidgin.im/ticket/9483" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://pidgin.im/pipermail/devel/2009-May/008227.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35706" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1139.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-796-1" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1749" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=508738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51448" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00162.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00176.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00228.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2009-2404)
Published
2009-08-03 14:30
Modified
2024-11-21 01:04
Severity
HIGH (CVSS v2.0 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C; source nvd@nist.gov)
Summary
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
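mozilla | network_security_services | 3.12.3 (the only entry the record marks "vulnerable": true; the summary says "before 3.12.3") | |
aol | instant_messenger | * (listed with "vulnerable": false) | |
gnome | evolution | * (listed with "vulnerable": false) | |
mozilla | firefox | * (listed with "vulnerable": false) | |
mozilla | seamonkey | * (listed with "vulnerable": false) | |
mozilla | thunderbird | * (listed with "vulnerable": false) | |
pidgin | pidgin | * (listed with "vulnerable": false) |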
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "000A1698-C9DE-49A1-9F5D-FDED34A134E8", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:aol:instant_messenger:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8DF7CEB-81F5-46FC-9588-AF5326957C89", "vulnerable": false }, { "criteria": "cpe:2.3:a:gnome:evolution:*:*:*:*:*:*:*:*", "matchCriteriaId": "6606C39B-8137-44B6-A96E-E0B8F67FAFFB", "vulnerable": false }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC", "vulnerable": false }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "138701FB-929A-4683-B41F-CB014ACFE44A", "vulnerable": false }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5C8E657-3049-4462-98F6-296C60BC8C5C", "vulnerable": false }, { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "87A0BF9F-F7E9-4196-BEF7-800B4C850990", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function." 
}, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en el analizador de expresiones regulares en Mozilla NetWork Security Services (NSS) anteriores a 3.12.3 como las utilizadas en Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, y AOL Instant Messenger (AIM), permite a servidores SSL remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un nombre de dominio largo en el campo Common Name (CN) en un certificado X.509, relativo a la funci\u00f3n cert_TestHost_Name.\r\n" } ], "id": "CVE-2009-2404", "lastModified": "2024-11-21T01:04:47.437", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-08-03T14:30:00.610", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2009-1185.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36088" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36102" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36125" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36139" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36157" }, 
{ "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/36434" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37098" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39428" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1" }, { "source": "secalert@redhat.com", "url": "http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2009/dsa-1874" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-43.html" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html" }, { "source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35891" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-810-1" }, { "source": "secalert@redhat.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2009/2085" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658" }, { "source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/810-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2009-1185.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1874" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-43.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-810-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/810-2/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2016-1000030)
Published
2018-09-05 17:29
Modified
2024-11-21 02:42
Severity ?
Summary
Pidgin versions before 2.11.0 contain a vulnerability in X.509 certificate import, specifically an improper check of the return values from gnutls_x509_crt_init() and gnutls_x509_crt_import(), that can result in code execution. This attack appears to be exploitable via a custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://access.redhat.com/security/cve/cve-2016-1000030 | Third Party Advisory | |
cve@mitre.org | https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe | Patch, Third Party Advisory | |
cve@mitre.org | https://pidgin.im/news/security/?id=91 | Vendor Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201701-38 | Third Party Advisory | |
cve@mitre.org | https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2016-1000030 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://pidgin.im/news/security/?id=91 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-38 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
suse | linux_enterprise_server | 11 | |
pidgin | pidgin | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C11B91EA-361A-46D6-A784-DFBFF679DE6E", "versionEndExcluding": "2.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Pidgin version \u003c2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0." }, { "lang": "es", "value": "Pidgin en versiones anteriores a la 2.11.0 contiene una vulnerabilidad en las importaciones de certificados X.509, concretamente debido a la comprobaci\u00f3n incorrecta de valores de retorno de gnutls_x509_crt_init() y gnutls_x509_crt_import() que puede resultar en la ejecuci\u00f3n de c\u00f3digo. Este ataque parece ser explotable mediante un certificado X.509 personalizado de otro cliente. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 2.11.0." 
} ], "id": "CVE-2016-1000030", "lastModified": "2024-11-21T02:42:51.157", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-05T17:29:00.230", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/cve-2016-1000030" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://pidgin.im/news/security/?id=91" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/cve-2016-1000030" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://pidgin.im/news/security/?id=91" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-07-03 19:55
Modified
2024-11-21 01:38
Severity ?
Summary
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.4 | |
pidgin | pidgin | 2.6.5 | |
pidgin | pidgin | 2.6.6 | |
pidgin | pidgin | 2.7.0 | |
pidgin | pidgin | 2.7.1 | |
pidgin | pidgin | 2.7.2 | |
pidgin | pidgin | 2.7.3 | |
pidgin | pidgin | 2.7.4 | |
pidgin | pidgin | 2.7.5 | |
pidgin | pidgin | 2.7.6 | |
pidgin | pidgin | 2.7.7 | |
pidgin | pidgin | 2.7.8 | |
pidgin | pidgin | 2.7.9 | |
pidgin | pidgin | 2.7.10 | |
pidgin | pidgin | 2.7.11 | |
pidgin | pidgin | 2.8.0 | |
pidgin | pidgin | 2.9.0 | |
pidgin | pidgin | 2.10.0 | |
pidgin | pidgin | 2.10.1 | |
pidgin | pidgin | 2.10.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BF9AC45-80BB-47A7-9C1A-D20EBEAD9509", "versionEndIncluding": "2.10.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests." }, { "lang": "es", "value": "proxy.c en libpurple en Pidgin anteriores a v2.10.4 no gestiona de forma adecuada los intentos de conexi\u00f3n SOCKS5 cancelados, lo oque permite a usuarios remotos asistidos por usuario autenticados a provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una secuencia de peticiones de transferencia de ficheros XMPP." 
} ], "id": "CVE-2012-2214", "lastModified": "2024-11-21T01:38:43.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-07-03T19:55:02.943", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://hg.pidgin.im/pidgin/main/rev/5f9d676cefdb" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=62" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:082" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://hg.pidgin.im/pidgin/main/rev/5f9d676cefdb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=62" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17886" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:48
Severity ?
Summary
A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte, triggering the vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability." }, { "lang": "es", "value": "Existe una vulnerabilidad de referencia a puntero NULL en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a trav\u00e9s del servidor podr\u00edan resultar potencialmente en una vulnerabilidad de denegaci\u00f3n de servicio. Un servidor malicioso puede enviar un paquete que comienza con un byte NULL desencadenando la vulnerabilidad." 
} ], "id": "CVE-2016-2369", "lastModified": "2024-11-21T02:48:18.710", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:00.697", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=102" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0137/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0137/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:48
Severity ?
Summary
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to an HTTP request, triggering the vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vulnerability." }, { "lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados por el servidor podr\u00edan resultar potencialmente en una escritura fuera de l\u00edmites de un byte. Un servidor malicioso puede enviar un contenido negativo de longitud en respuesta a una petici\u00f3n HTTP desencadenando la vulnerabilidad." 
} ], "id": "CVE-2016-2377", "lastModified": "2024-11-21T02:48:20.643", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:01.007", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=93" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0119/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=93" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0119/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-09 18:30
Modified
2024-11-21 01:11
Severity ?
Summary
slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
adium | adium | 1.3.8 | |
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adium:adium:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "9BDD1A05-8C38-4787-ACF3-414D625F748F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "17578F34-80F2-45A8-9C0C-A2CDD7109DA4", "versionEndIncluding": "2.6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013." }, { "lang": "es", "value": "El archivo slp.c en el plugin del protocolo MSN en la biblioteca libpurple en Pidgin anterior a versi\u00f3n 2.6.6, incluyendo la versi\u00f3n 2.6.4, y Adium versi\u00f3n 1.3.8, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y bloqueo de aplicaci\u00f3n) o posiblemente tener otro impacto no especificado por medio de una petici\u00f3n MSNSLP INVITE malformada en un mensaje SLP, un problema diferente de CVE-2010-0013." 
} ], "id": "CVE-2010-0277", "lastModified": "2024-11-21T01:11:53.483", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-01-09T18:30:01.980", "references": [ { "source": "cve@mitre.org", "url": "http://blogs.sun.com/security/entry/cve_2010_0277_malformed_msn" }, { "source": "cve@mitre.org", "url": "http://developer.pidgin.im/wiki/ChangeLog" }, { "source": "cve@mitre.org", "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://pidgin.im/news/security/?id=43" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38563" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38640" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38658" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38712" }, { 
"source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38915" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41868" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:041" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2010/01/07/2" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/38294" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-902-1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0413" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2693" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554335" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18348" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9421" }, { "source": "cve@mitre.org", "url": "https://rhn.redhat.com/errata/RHSA-2010-0115.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.sun.com/security/entry/cve_2010_0277_malformed_msn" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/wiki/ChangeLog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pidgin.im/news/security/?id=43" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38915" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/01/07/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/38294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-902-1" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9421" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2010-0115.html" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "This issue was addressed for Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0115.html\n\nWe currently have no plans to fix this flaw in Red Hat Enterprise Linux 3 as the MSN protocol support in the provided version of Pidgin (1.5.1) is out-dated and no longer supported by MSN servers. There are no plans to backport MSN protocol changes for that version of Pidgin.", "lastModified": "2010-02-22T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-20 20:15
Modified
2024-11-21 01:36
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor." }, { "lang": "es", "value": "Pidgin versi\u00f3n 2.10.0, usa DBUS para ciertas comunicaciones de texto sin cifrar, lo que permite a usuarios locales obtener informaci\u00f3n confidencial por medio de un monitor de sesi\u00f3n dbus." } ], "id": "CVE-2012-1257", "lastModified": "2024-11-21T01:36:45.443", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-20T20:15:10.877", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://developer.pidgin.im/ticket/14830" }, { "source": "cve@mitre.org", 
"tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/pipermail/devel/2011-December/010521.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://developer.pidgin.im/ticket/14830" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/pipermail/devel/2011-December/010521.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-319" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-27 18:29
Modified
2024-11-21 03:23
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
debian | debian_linux | 8.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 7.4 | |
redhat | enterprise_linux_server_eus | 7.4 | |
redhat | enterprise_linux_server_eus | 7.5 | |
redhat | enterprise_linux_workstation | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1D52019-18B7-49AB-B932-DDCD34F7C0EA", "versionEndExcluding": "2.12.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process." }, { "lang": "es", "value": "Se ha encontrado una vulnerabilidad de escritura fuera de l\u00edmites en el modo en que Pidgin en versiones anteriores a la 2.12.0 procesaba el contenido XML. 
Un servidor remoto malicioso podr\u00eda usar esta vulnerabilidad para provocar el cierre inesperado de Pidgin o ejecutar c\u00f3digo arbitrario en el contexto del proceso pidgin." } ], "id": "CVE-2017-2640", "lastModified": "2024-11-21T03:23:53.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-27T18:29:00.970", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96775" }, { "source": 
"secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2640" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201706-10" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201706-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3806" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-08-08 19:41
Modified
2024-11-21 00:49
Severity ?
6.8 (Medium) - CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:P
Summary
The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service." }, { "lang": "es", "value": "La extensi\u00f3n (plugin) NSS en libpurple de Pidgin 2.4.3 no verifica certificados SSL, lo cual hace m\u00e1s f\u00e1cil a atacantes remotos enga\u00f1ar a usuarios a aceptar un certificado de servidor no v\u00e1lido para un servicio suplantado." } ], "id": "CVE-2008-3532", "lastModified": "2024-11-21T00:49:28.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-08-08T19:41:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://developer.pidgin.im/attachment/ticket/6500/nss-cert-verify.patch" }, { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/attachment/ticket/6500/nss_add_rev.patch" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/ticket/6500" }, { "source": "secalert@redhat.com", "url": 
"http://secunia.com/advisories/31390" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32859" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33102" }, { "source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:025" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-1023.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/30553" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/2318" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44220" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10979" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://developer.pidgin.im/attachment/ticket/6500/nss-cert-verify.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/attachment/ticket/6500/nss_add_rev.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/ticket/6500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/33102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-1023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30553" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10979" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18327" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:48
Severity ?
8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution." }, { "lang": "es", "value": "Existe una vulnerabilidad de escritura fuera de l\u00edmites en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a trav\u00e9s del servidor podr\u00eda provocar corrupci\u00f3n de memoria resultando en ejecuci\u00f3n de c\u00f3digo." 
} ], "id": "CVE-2016-2371", "lastModified": "2024-11-21T02:48:18.960", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:00.773", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=104" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0139/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third 
Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0139/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-08-29 17:55
Modified
2024-11-21 01:29
Severity ?
Summary
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows | * | |
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.4 | |
pidgin | pidgin | 2.6.5 | |
pidgin | pidgin | 2.6.6 | |
pidgin | pidgin | 2.7.0 | |
pidgin | pidgin | 2.7.1 | |
pidgin | pidgin | 2.7.2 | |
pidgin | pidgin | 2.7.3 | |
pidgin | pidgin | 2.7.4 | |
pidgin | pidgin | 2.7.5 | |
pidgin | pidgin | 2.7.6 | |
pidgin | pidgin | 2.7.7 | |
pidgin | pidgin | 2.7.8 | |
pidgin | pidgin | 2.7.9 | |
pidgin | pidgin | 2.7.10 | |
pidgin | pidgin | 2.7.11 | |
pidgin | pidgin | 2.8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6DA23D4-257B-4694-B111-A2F0D4F94C73", "versionEndIncluding": "2.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message." }, { "lang": "es", "value": "gtkutils.c en Pidgin anterior a v2.10.0 sobre Windows permite a atacantes remotos asistidos por el usuario ejecutar programas a trav\u00e9s de un fichero: URL en un mensaje." 
} ], "id": "CVE-2011-3185", "lastModified": "2024-11-21T01:29:55.793", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-08-29T17:55:01.157", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/29484df15413fe3bbd21bbfcef26a55362055a81/with/5749f9193063800d27bef75c2388f6f9cc2f7f37/pidgin/gtkutils.c" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/5749f9193063800d27bef75c2388f6f9cc2f7f37" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=55" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45663" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1025961" }, { "source": "secalert@redhat.com", "url": "http://www.insomniasec.com/advisories/ISVA-110822.1.htm" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/10" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/12" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/7" }, { "source": "secalert@redhat.com", "url": 
"http://www.securityfocus.com/archive/1/519391/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/49268" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69342" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/29484df15413fe3bbd21bbfcef26a55362055a81/with/5749f9193063800d27bef75c2388f6f9cc2f7f37/pidgin/gtkutils.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/5749f9193063800d27bef75c2388f6f9cc2f7f37" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=55" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.insomniasec.com/advisories/ISVA-110822.1.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/519391/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/49268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18324" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-06 17:00
Modified
2024-11-21 01:59
Severity: MEDIUM (NVD CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "1566CF06-79F8-4293-87C4-419C35A85BF0", "versionEndIncluding": "2.10.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read." 
}, { "lang": "es", "value": "libpurple/protocols/yahoo/libymsg.c en Pidgin anterior a 2.10.8 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un mensaje Yahoo! P2P con un campo \"length\" manipulado, lo que provoca una sobre-lectura del buffer." } ], "id": "CVE-2013-6481", "lastModified": "2024-11-21T01:59:18.813", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-06T17:00:05.213", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/4d139ce8f7ec" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=74" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/4d139ce8f7ec" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=74" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:48
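Severity: MEDIUM (NVD CVSS v3.0 base score 5.9, vector CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H; CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:N/A:P)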
Summary
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * (up to and including 2.10.12) | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash." }, { "lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a trav\u00e9s del servidor podr\u00edan resultar potencialmente en una referencia a puntero nulo. Un servidor malicioso o un atacante que intercepte el tr\u00e1fico de red puede enviar datos no v\u00e1lidos para desencadenar esta vulnerabilidad y provocar un bloqueo." 
} ], "id": "CVE-2016-2365", "lastModified": "2024-11-21T02:48:18.207", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:00.523", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=98" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0133/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=98" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0133/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-08-29 17:55
Modified
2024-11-21 01:29
Severity: MEDIUM (NVD CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:N/A:P)
Summary
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * (up to and including 2.9.0) | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.4 | |
pidgin | pidgin | 2.6.5 | |
pidgin | pidgin | 2.6.6 | |
pidgin | pidgin | 2.7.0 | |
pidgin | pidgin | 2.7.1 | |
pidgin | pidgin | 2.7.2 | |
pidgin | pidgin | 2.7.3 | |
pidgin | pidgin | 2.7.4 | |
pidgin | pidgin | 2.7.5 | |
pidgin | pidgin | 2.7.6 | |
pidgin | pidgin | 2.7.7 | |
pidgin | pidgin | 2.7.8 | |
pidgin | pidgin | 2.7.9 | |
pidgin | pidgin | 2.7.10 | |
pidgin | pidgin | 2.7.11 | |
pidgin | pidgin | 2.8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6DA23D4-257B-4694-B111-A2F0D4F94C73", "versionEndIncluding": "2.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message." }, { "lang": "es", "value": "La funci\u00f3n msn_httpconn_parse_data en httpconn.c en el plugin del protocolo MSN en libpurple en Pidgin anterior a v2.10.0 no maneja adecuadamente 100 respuestas HTTP, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (incorrecto acceso de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de vectores que envuelven un mensaje de servidor manipulado." 
} ], "id": "CVE-2011-3184", "lastModified": "2024-11-21T01:29:55.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-08-29T17:55:01.097", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065190.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=54" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45663" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/45916" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1025961" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/10" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/12" }, { "source": 
"secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/4" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/7" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/49268" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732405" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69341" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065190.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/45916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.openwall.com/lists/oss-security/2011/08/22/12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18284" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-05-26 15:30
Modified
2024-11-21 01:02
Severity: HIGH (CVSS v2 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C, NVD primary assessment)
Summary
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FC23273-E322-40E0-AD26-2F272EB5E7A1", "versionEndIncluding": "2.5.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:32_bit:*:*:*:*:*:*", "matchCriteriaId": "A7D1DFC7-4B7F-4006-9058-8335A292821E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:32_bit:*:*:*:*:*:*", "matchCriteriaId": "12095F49-8DFD-4C74-9454-5C3A5992A3FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:32_bit:*:*:*:*:*:*", "matchCriteriaId": "C62110B5-61D7-406D-B1A5-65AEC202DDFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:32_bit:*:*:*:*:*:*", "matchCriteriaId": "CD01B8C6-7D3E-4FF9-A5B5-AAF33F4CEBB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:32_bit:*:*:*:*:*:*", "matchCriteriaId": "AD6D98DC-06FC-46E7-A790-98A0B43A4E8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:32_bit:*:*:*:*:*:*", "matchCriteriaId": "3FEE4F73-A426-4B47-8BAF-1C7D2F955850", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:32_bit:*:*:*:*:*:*", "matchCriteriaId": "777EF35C-195A-4784-986D-3811CF1DCF16", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:32_bit:*:*:*:*:*:*", "matchCriteriaId": "F2DD21F1-7A08-4F2D-B8EA-C02771E960FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927." 
}, { "lang": "es", "value": "M\u00faltiples desbordamientos de entero en las funciones msn_slplink_process_msg en el manejador del protocolo de MSN en (1) libpurple/protocols/msn/slplink.c y (2) libpurple/protocols/msnp9/slplink.c en Pidgin anterior a v2.5.6 en plataformas de 32 bits permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mensaje mal formado con un valor de offset manipulado, que produce un desbordamiento de b\u00fafer. NOTA: Este hecho se produce por un arreglo incompleto de CVE-2008-2927." } ], "id": "CVE-2009-1376", "lastModified": "2024-11-21T01:02:20.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-05-26T15:30:05.280", "references": [ { "source": "secalert@redhat.com", "url": "http://debian.org/security/2009/dsa-1805" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35188" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35194" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35202" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35215" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35294" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35329" }, { 
"source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35330" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37071" }, { "source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:140" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=32" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-1059.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/35067" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-781-2" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500493" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50680" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10476" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18432" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "source": "secalert@redhat.com", "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://debian.org/security/2009/dsa-1805" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35215" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35330" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=32" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1059.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/35067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-781-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18432" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-15 10:55
Modified
2024-11-21 01:33
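Severity: MEDIUM (CVSS v2 base score 6.4, vector AV:N/AC:L/Au:N/C:N/I:P/A:P, NVD primary assessment; the vector records a partial integrity impact, while the summary below describes only a denial of service)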
Summary
The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * (all versions up to and including 2.10.1) | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.3 | |
pidgin | pidgin | 2.6.4 | |
pidgin | pidgin | 2.6.5 | |
pidgin | pidgin | 2.6.6 | |
pidgin | pidgin | 2.7.1 | |
pidgin | pidgin | 2.7.2 | |
pidgin | pidgin | 2.7.3 | |
pidgin | pidgin | 2.7.4 | |
pidgin | pidgin | 2.7.5 | |
pidgin | pidgin | 2.7.6 | |
pidgin | pidgin | 2.7.7 | |
pidgin | pidgin | 2.7.8 | |
pidgin | pidgin | 2.7.9 | |
pidgin | pidgin | 2.7.10 | |
pidgin | pidgin | 2.7.11 | |
pidgin | pidgin | 2.8.0 | |
pidgin | pidgin | 2.9.0 | |
pidgin | pidgin | 2.10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "83433A7F-CF88-41BD-90EF-7EE00567D38D", "versionEndIncluding": "2.10.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room." }, { "lang": "es", "value": "La funci\u00f3n de pidgin_conv_chat_rename_user gtkconv.c en Pidgin antes de v2.10.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (eliminar la referencia del puntero NULL y ca\u00edda de aplicaci\u00f3n), cambiando un apodo mientras se encuentra en una sala de chat XMPP." 
} ], "id": "CVE-2011-4939", "lastModified": "2024-11-21T01:33:19.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-15T10:55:01.273", "references": [ { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/ticket/14392" }, { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/viewmtn/revision/diff/10ead4688e3af4132d454fa3bc241480500651c9/with/d1d77da56217f3a083e1d459bef054db9f1d5699/pidgin/gtkconv.c" }, { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/viewmtn/revision/info/d1d77da56217f3a083e1d459bef054db9f1d5699" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=60" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:029" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18406" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/ticket/14392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/viewmtn/revision/diff/10ead4688e3af4132d454fa3bc241480500651c9/with/d1d77da56217f3a083e1d459bef054db9f1d5699/pidgin/gtkconv.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/viewmtn/revision/info/d1d77da56217f3a083e1d459bef054db9f1d5699" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=60" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18406" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-06 16:10
Modified
2024-11-21 02:01
Severity ?
Summary
The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "1566CF06-79F8-4293-87C4-419C35A85BF0", "versionEndIncluding": "2.10.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message." 
}, { "lang": "es", "value": "El plugin del protocolo IRC en libpurple en Pidgin anterior a 2.10.8 no valida la cantidad de argumentos, lo que permite a servidores IRC remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un mensaje manipulado." } ], "id": "CVE-2014-0020", "lastModified": "2024-11-21T02:01:11.470", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-06T16:10:59.217", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/4d9be297d399" }, { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/5845d9fa7084" }, { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/6b0e0566af20" }, { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/7d0fb0c6d8d4" }, { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/9f132a6855cd" }, { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/a167504359e5" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=85" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2859" 
}, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/4d9be297d399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/5845d9fa7084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/6b0e0566af20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/7d0fb0c6d8d4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/9f132a6855cd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/a167504359e5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=85" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:48
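Severity: MEDIUM (CVSS v3.0 base score 5.9, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H; CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:N/A:P)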
Summary
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash." }, { "lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a trav\u00e9s del servidor podr\u00edan resultar potencialmente en una lectura fuera de l\u00edmites. Un servidor malicioso o un atacante que intercepte el tr\u00e1fico red puede enviar datos no v\u00e1lidos para desencadenar esta vulnerabilidad y provocar un bloqueo." 
} ], "id": "CVE-2016-2366", "lastModified": "2024-11-21T02:48:18.333", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:00.570", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=99" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0134/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=99" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0134/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-12-17 03:54
Modified
2024-11-21 01:32
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.3 | |
pidgin | pidgin | 2.6.4 | |
pidgin | pidgin | 2.6.5 | |
pidgin | pidgin | 2.6.6 | |
pidgin | pidgin | 2.7.1 | |
pidgin | pidgin | 2.7.2 | |
pidgin | pidgin | 2.7.3 | |
pidgin | pidgin | 2.7.4 | |
pidgin | pidgin | 2.7.5 | |
pidgin | pidgin | 2.7.6 | |
pidgin | pidgin | 2.7.7 | |
pidgin | pidgin | 2.7.8 | |
pidgin | pidgin | 2.7.9 | |
pidgin | pidgin | 2.7.10 | |
pidgin | pidgin | 2.7.11 | |
pidgin | pidgin | 2.8.0 | |
pidgin | pidgin | 2.9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "4165F070-EF4D-4CD3-A6EC-5CB96CE9B222", "versionEndIncluding": "2.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message." }, { "lang": "es", "value": "El complemento del protocolo XMPP de libpurple de Pidgin en versiones anteriores a 2.10.1 no maneja apropiadamente campos faltantes en p\u00e1rrafos (1) voice-chat y (2) video-chat, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un mensaje modificado." 
} ], "id": "CVE-2011-4602", "lastModified": "2024-11-21T01:32:38.447", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-12-17T03:54:45.993", "references": [ { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6" }, { "source": "secalert@redhat.com", "url": "http://pidgin.im/news/security/?id=58" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/47219" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/47234" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html" }, { "source": "secalert@redhat.com", "url": "https://hermes.opensuse.org/messages/13195955" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pidgin.im/news/security/?id=58" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/47219" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/47234" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/13195955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-05-14 19:30
Modified
2024-11-21 01:14
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 9.10 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 10.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB22CE91-8AB9-46CF-A175-A34EA7CEB958", "versionEndExcluding": "2.7.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message." }, { "lang": "es", "value": "La funci\u00f3n msn_emoticon_msg en slp.c en el plugin MSN protocol en libpurple en Pidgin en versiones anteriores a la 2.7.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante un emoticono personalizado en un mensaje SLP malformado." 
} ], "id": "CVE-2010-1624", "lastModified": "2024-11-21T01:14:50.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-05-14T19:30:01.500", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable", "Vendor Advisory" ], "url": "http://secunia.com/advisories/39801" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/41899" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:097" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.pidgin.im/news/security/index.php?id=46" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0788.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/40138" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"http://www.ubuntu.com/usn/USN-1014-1" }, { "source": "secalert@redhat.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1141" }, { "source": "secalert@redhat.com", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2010/2755" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=589973" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58559" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18547" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Vendor Advisory" ], "url": "http://secunia.com/advisories/39801" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/41899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.pidgin.im/news/security/index.php?id=46" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0788.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/40138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1014-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2010/2755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=589973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18547" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-07-30 13:26
Modified
2024-11-21 01:16
Severity: MEDIUM (CVSS v2.0 base score 4.0, AV:N/AC:L/Au:S/C:N/I:N/A:P)
Summary
The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.4 | |
pidgin | pidgin | 2.6.5 | |
pidgin | pidgin | 2.6.6 | |
pidgin | pidgin | 2.7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "108C1906-87FC-414B-93F9-C97D36D49909", "versionEndIncluding": "2.7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element." }, { "lang": "es", "value": "La funci\u00f3n clientautoresp de family_icbm.c en el complemento de protocolo oscar en libpurple de Pidgin en versiones anteriores a la v2.7.2 permite a usuarios autenticados remotos provocar una denegaci\u00f3n de servicio (resoluci\u00f3n de puntero a NULL pointer y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un mensaje X-Status que no tiene la etiqueta de fin esperada para un elemento (1) desc o (2) title." 
} ], "id": "CVE-2010-2528", "lastModified": "2024-11-21T01:16:50.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-07-30T13:26:15.067", "references": [ { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/viewmtn/revision/diff/fcb70f7c12120206d30ad33223ff85be7b226d1c/with/8e8ff246492e45af8f8d0808296d6f2906794dc0/libpurple/protocols/oscar/family_icbm.c" }, { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/viewmtn/revision/info/8e8ff246492e45af8f8d0808296d6f2906794dc0" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40699" }, { "source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462873" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/66506" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/index.php?id=47" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/41881" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1887" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/2221" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60566" }, { "source": "secalert@redhat.com", 
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18359" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/viewmtn/revision/diff/fcb70f7c12120206d30ad33223ff85be7b226d1c/with/8e8ff246492e45af8f8d0808296d6f2906794dc0/libpurple/protocols/oscar/family_icbm.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/viewmtn/revision/info/8e8ff246492e45af8f8d0808296d6f2906794dc0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/66506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/index.php?id=47" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/41881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1887" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/2221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18359" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-29 10:55
Modified
2024-11-21 02:08
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FA30C55-F54F-481A-BD32-778708E475C5", "versionEndIncluding": "2.10.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "390887A5-9CC8-40B7-A7FD-E6D920BFCCF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.8:*:*:*:*:*:*:*", "matchCriteriaId": "2C86FC11-74EB-4881-8C58-844B44A7BD7C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message." 
}, { "lang": "es", "value": "La funci\u00f3n jabber_idn_validate en jutil.c en el plugin de protocolo Jabber en libpurple en Pidgin anterior a 2.10.10 permite a atacantes remotos obtener informaci\u00f3n sensible de la memoria de procesos a trav\u00e9s de un mensaje XMPP manipulado." } ], "id": "CVE-2014-3698", "lastModified": "2024-11-21T02:08:40.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-29T10:55:04.493", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=90" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60741" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61968" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3055" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=90" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60741" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1854" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-08-31 20:30
Modified
2024-11-21 01:06
Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:N/A:P)
Summary
Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM." }, { "lang": "es", "value": "Vulnerabilidad no espec\u00edfica en Pidgin v2.6.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un enlace en Yahoo IM.\r\n" } ], "id": "CVE-2009-3025", "lastModified": "2024-11-21T01:06:20.270", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-08-31T20:30:01.127", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/08/19/2" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52994" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.openwall.com/lists/oss-security/2009/08/19/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52994" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6167" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of pidgin as shipped with Red Hat Enterprise Linux 3, 4, or 5.", "lastModified": "2009-09-09T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:48
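Severity: MEDIUM (CVSS v3.0 base score 5.9, CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H; CVSS v2.0 base score 4.9, AV:N/AC:M/Au:S/C:P/I:N/A:P)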
Summary
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer, which will trigger an out-of-bounds read. This could result in a denial of service, or in data being copied from memory into the file, resulting in an information leak if the file is sent to another user.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user." }, { "lang": "es", "value": "Existe una fuga de informaci\u00f3n en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a trav\u00e9s del servidor podr\u00edan resultar potencialmente en una lectura fuera de l\u00edmites. 
Un usuario, servidor o atacante man-in-the-middle malicioso puede enviar un tama\u00f1o inv\u00e1lido para una transferencia de archivos que desencadenar\u00e1 una vulnerabilidad de lectura fuera de l\u00edmites. Esto podr\u00eda resultar en una denegaci\u00f3n de servicio o copia de datos desde la memoria al archivo, resultando en una fuga de informaci\u00f3n si el archivo es enviado a otro usuario." } ], "id": "CVE-2016-2372", "lastModified": "2024-11-21T02:48:19.087", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:00.807", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=105" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", 
"tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0140/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0140/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" }, { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-29 22:46
Modified
2024-11-21 00:36
Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:N/A:P)
Summary
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996." }, { "lang": "es", "value": "libpurple de Pidgin 2.1.0 hasta 2.2.1, cuando se utiliza la autenticaci\u00f3n HTML, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a NULL y ca\u00edda de aplicaci\u00f3n) mediante un mensaje que contiene datos HTML inv\u00e1lidos, vector distinto de CVE-2007-4996." 
} ], "id": "CVE-2007-4999", "lastModified": "2024-11-21T00:36:54.590", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-29T22:46:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://osvdb.org/38695" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/27372" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27495" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27858" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.pidgin.im/news/security/?id=24" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/483580/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/26205" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-548-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/3624" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38132" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18357" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://osvdb.org/38695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/27372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.pidgin.im/news/security/?id=24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/483580/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-548-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38132" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18357" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00011.html" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of Pidgin or Gaim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2007-11-01T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-08 10:26
Modified
2024-11-21 01:33
Severity ?
Summary
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.4 | |
pidgin | pidgin | 2.6.5 | |
pidgin | pidgin | 2.6.6 | |
pidgin | pidgin | 2.7.0 | |
pidgin | pidgin | 2.7.1 | |
pidgin | pidgin | 2.7.2 | |
pidgin | pidgin | 2.7.3 | |
pidgin | pidgin | 2.7.4 | |
pidgin | pidgin | 2.7.5 | |
pidgin | pidgin | 2.7.6 | |
pidgin | pidgin | 2.7.7 | |
pidgin | pidgin | 2.7.8 | |
pidgin | pidgin | 2.10.0 | |
pidgin | pidgin | 2.10.1 | |
pidgin | pidgin | 2.10.2 | |
pidgin | pidgin | 2.10.3 | |
pidgin | pidgin | 2.10.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "22D8D744-7C2B-491C-8957-67907744C005", "versionEndIncluding": "2.7.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents." }, { "lang": "es", "value": "cipher.c en la API de cifrado en libpurple en Pidgin anterior a v2.7.10 conserva la clave de cifrado de datos en la memoria del proceso, lo que podr\u00eda permitir a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un archivo central u otra representaci\u00f3n de contenido de la memoria." 
} ], "id": "CVE-2011-4922", "lastModified": "2024-11-21T01:33:18.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-08T10:26:18.127", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://hg.pidgin.im/pidgin/main/rev/8c850977cb42" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2012/01/04/13" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=50" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18223" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://hg.pidgin.im/pidgin/main/rev/8c850977cb42" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2012/01/04/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=50" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18223" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2016-2375 — Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:48
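Severity: 5.3 (Medium) — CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N; 5.0 (Medium) under CVSS v2.0 AV:N/AC:L/Au:N/C:P/I:N/A:N, both scored by nvd@nist.gov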
Summary
An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure." }, { "lang": "es", "value": "Existe una lectura fuera de l\u00edmites explotable en el manejo del protocolo MXIT en Pidgin. Informaci\u00f3n de contacto MXIT especialmente manipulada enviada desde el servidor puede resultar en divulgaci\u00f3n de memoria." 
} ], "id": "CVE-2016-2375", "lastModified": "2024-11-21T02:48:19.483", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:00.930", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=108" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0143/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0143/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2009-1373 — Vulnerability from fkie_nvd
Published
2009-05-26 15:30
Modified
2024-11-21 01:02
Severity: 7.1 (High) — CVSS v2.0 AV:N/AC:H/Au:S/C:C/I:C/A:C, scored by nvd@nist.gov
Summary
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FC23273-E322-40E0-AD26-2F272EB5E7A1", "versionEndIncluding": "2.5.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*", "matchCriteriaId": "5C5B2A50-6734-4B64-AFD0-DB34C3BDA86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en XMPP SOCKS5 bytestream server en Pidgin anteriores a v2.5.6 permite a usuarios remotos autenticados ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de vectores que incluyen una transferencia de fichero saliente XMPP. NOTA: Algunos de los detalles fueron obtenidos de informaci\u00f3n de terceros." 
} ], "id": "CVE-2009-1373", "lastModified": "2024-11-21T01:02:19.743", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-05-26T15:30:05.187", "references": [ { "source": "secalert@redhat.com", "url": "http://debian.org/security/2009/dsa-1805" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35188" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35194" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35202" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35215" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35294" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35329" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35330" }, { "source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:140" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=29" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-1059.html" 
}, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35067" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-781-2" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500488" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50682" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://debian.org/security/2009/dsa-1805" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35215" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/35294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35330" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=29" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1059.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-781-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50682" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2009-2694 — Vulnerability from fkie_nvd
Published
2009-08-21 11:02
Modified
2024-11-21 01:05
Severity: 10.0 (High) — CVSS v2.0 AV:N/AC:L/Au:N/C:C/I:C/A:C, scored by nvd@nist.gov
Summary
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
adium | adium | * | |
adium | adium | 1.2.7 | |
adium | adium | 1.3 | |
adium | adium | 1.3.1 | |
adium | adium | 1.3.2 | |
adium | adium | 1.3.3 | |
adium | adium | 1.3.4 | |
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adium:adium:*:*:*:*:*:*:*:*", "matchCriteriaId": "01CB5803-0C03-4EC5-B865-8760B1231267", "versionEndIncluding": "1.3.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "45233B3A-A3A1-45C0-A9F4-548B076742F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A6B5D964-9F9C-4EE0-AF9F-4FE64935D8AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5FAFC986-0E07-48D7-9B67-66B65CAA9AE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EFA83F88-808F-4D8B-A33D-16994C9074A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3779F8B3-15A9-4FBC-9176-B9B3CAB39DE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D2A75801-F3AD-49E5-B981-6158E9B8F598", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "7396CE73-35C6-4F72-8F1F-16D8B7E0C029", "versionEndIncluding": "2.5.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", 
"matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376." }, { "lang": "es", "value": "La funci\u00f3n msn_slplink_process_msg en libpurple/protocols/msn/slplink.c en libpurple, tal como se usa en Pidgin (anteriormente Gaim) en versiones anteriores a la 2.5.9 y Adium 1.3.5 y versiones anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) mediante el env\u00edo de m\u00faltiples mensajes SLP (alias MSNSLP) manipulados para disparar una sobreescritura de una zona de memoria de su elecci\u00f3n. NOTA: esta vulnerabilidad reportada est\u00e1 causada por una reparaci\u00f3n incompleta de CVE-2009-1376." 
} ], "id": "CVE-2009-2694", "lastModified": "2024-11-21T01:05:31.927", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-08-21T11:02:41.890", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e" }, { "source": "cve@mitre.org", "url": "http://developer.pidgin.im/wiki/ChangeLog" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36384" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36392" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36401" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36402" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36708" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/37071" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2009/dsa-1870" }, { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/9615" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://www.pidgin.im/news/security/?id=34" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2303" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/2663" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/wiki/ChangeLog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36401" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36402" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2009/dsa-1870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/9615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=34" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2303" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/2663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-12-25 01:55
Modified
2024-11-21 01:32
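Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, as given in the NVD record for CVE-2011-4601 below)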
Summary
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.3 | |
pidgin | pidgin | 2.6.4 | |
pidgin | pidgin | 2.6.5 | |
pidgin | pidgin | 2.6.6 | |
pidgin | pidgin | 2.7.1 | |
pidgin | pidgin | 2.7.2 | |
pidgin | pidgin | 2.7.3 | |
pidgin | pidgin | 2.7.4 | |
pidgin | pidgin | 2.7.5 | |
pidgin | pidgin | 2.7.6 | |
pidgin | pidgin | 2.7.7 | |
pidgin | pidgin | 2.7.8 | |
pidgin | pidgin | 2.7.9 | |
pidgin | pidgin | 2.7.10 | |
pidgin | pidgin | 2.7.11 | |
pidgin | pidgin | 2.8.0 | |
pidgin | pidgin | 2.9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "4165F070-EF4D-4CD3-A6EC-5CB96CE9B222", "versionEndIncluding": "2.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition." }, { "lang": "es", "value": "family_feedbag.c en el protocolo oscar en el plugin libpurple en Pidgin anterior a v2.10.1 no lleva a cabo la validaci\u00f3n UTF-8 en los mensajes de datos, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un mensaje elaborado (1) AIM o (2) ICQ asociado con la adici\u00f3n de lista de amigos." 
} ], "id": "CVE-2011-4601", "lastModified": "2024-11-21T01:32:38.303", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-12-25T01:55:02.130", "references": [ { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/viewmtn/revision/diff/bc79b1bf09dcfa1d8edac86a06761fce7416e69c/with/757272a78a8ca6027d518e614712c3399e34dda3/libpurple/protocols/oscar/family_feedbag.c" }, { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/viewmtn/revision/info/757272a78a8ca6027d518e614712c3399e34dda3" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=57" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/47219" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/47234" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/12/10/1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/12/10/2" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/51010" }, { "source": "secalert@redhat.com", 
"url": "https://hermes.opensuse.org/messages/13195955" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/viewmtn/revision/diff/bc79b1bf09dcfa1d8edac86a06761fce7416e69c/with/757272a78a8ca6027d518e614712c3399e34dda3/libpurple/protocols/oscar/family_feedbag.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/viewmtn/revision/info/757272a78a8ca6027d518e614712c3399e34dda3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=57" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/47219" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/47234" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/12/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/12/10/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/13195955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18408" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-07-07 10:21
Modified
2024-11-21 01:40
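Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, as given in the NVD record for CVE-2012-3374 below)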
Summary
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF3305C9-F3F7-4E9A-A46B-ED3245CF1872", "versionEndIncluding": "2.10.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message." 
}, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en markup.c en el plugin MXit en libpurple en Pidgin anterior a v2.10.5 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una imagen en un mensaje" } ], "id": "CVE-2012-3374", "lastModified": "2024-11-21T01:40:44.163", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-07-07T10:21:14.650", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://hg.pidgin.im/pidgin/main/rev/ded93865ef42" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00009.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1102.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50005" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:105" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/index.php?id=64" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://hg.pidgin.im/pidgin/main/rev/ded93865ef42" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1102.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/index.php?id=64" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17678" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-29 10:55
Modified
2024-11-21 02:08
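Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, as given in the NVD record for CVE-2014-3695 below)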
Summary
markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FA30C55-F54F-481A-BD32-778708E475C5", "versionEndIncluding": "2.10.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "390887A5-9CC8-40B7-A7FD-E6D920BFCCF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.8:*:*:*:*:*:*:*", "matchCriteriaId": "2C86FC11-74EB-4881-8C58-844B44A7BD7C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response." 
}, { "lang": "es", "value": "markup.c en el plugin de protocolo MXit en libpurple en Pidgin anterior a 2.10.10 permite a servidores remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un valor grande de longitud en una respuesta emoticon." } ], "id": "CVE-2014-3695", "lastModified": "2024-11-21T02:08:40.267", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-29T10:55:04.353", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://hg.pidgin.im/pidgin/main/rev/6436e14bdb9d" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=87" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60741" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61968" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3055" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://hg.pidgin.im/pidgin/main/rev/6436e14bdb9d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=87" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60741" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1854" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2010-0423)
Published
2010-02-24 18:30
Modified
2024-11-21 01:12
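Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, per the NVD primary metric in the record below)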
Summary
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * (up to and including 2.6.5) | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "17578F34-80F2-45A8-9C0C-A2CDD7109DA4", "versionEndIncluding": "2.6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat." }, { "lang": "es", "value": "gtkimhtml.c en Pidgin anterior a v2.6.6, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU y cuelgue de aplicaci\u00f3n) mediante el env\u00edo de varios smileys en una conversaci\u00f3n de (1) IM o (2) chat." } ], "id": "CVE-2010-0423", "lastModified": "2024-11-21T01:12:11.270", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-02-24T18:30:00.530", "references": [ { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/wiki/ChangeLog" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html" }, { "source": "secalert@redhat.com", 
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=45" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38563" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38640" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38658" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38712" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/38915" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39509" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2038" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:041" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/62440" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/38294" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-902-1" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0413" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/0914" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565792" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56394" }, { "source": "secalert@redhat.com", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17554" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9842" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2010-0115.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/wiki/ChangeLog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=45" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38915" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39509" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2038" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/62440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/38294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-902-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56394" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2010-0115.html" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "The Red Hat Security Response Team has rated this issue as having low security impact.\n\nFor Red Hat Enterprise Linux 4 and 5, this issue was addressed via https://rhn.redhat.com/errata/RHSA-2010-0115.html\n\nWe currently have no plans to fix this flaw in Red Hat Enterprise Linux 3 as the issue only causes Pidgin client to 
become unresponsive or crash.", "lastModified": "2010-02-25T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2007-3841)
Published
2007-07-17 22:30
Modified
2024-11-21 00:34
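Severity: HIGH (CVSS v2 base score 9.0, vector AV:N/AC:L/Au:S/C:C/I:C/A:C, per the NVD primary metric in the record below)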
Summary
Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*", "matchCriteriaId": "5C5B2A50-6734-4B64-AFD0-DB34C3BDA86F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine." }, { "lang": "es", "value": "Vulnerabilida no especificada en Pidgin (formalmente Gaim) 2.0.2 para Linux permite a usuarios remotos validados, quienes son listados en una lista de usuarios, ejecutar ciertos comandos a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como ZD-00000035. NOTA: esta informaci\u00f3n esta basada en sobre un asesoriamiento impreciso por una informaci\u00f3n de la vulnerabilidad de una organizaci\u00f3n de ventas que no se coordino con los vendedores o avisos publicados. Un CVE se ha asignado para los prop\u00f3sitos que segu\u00eda, pero los duplicados con otros CVEs son dif\u00edciles de determinarse." 
} ], "id": "CVE-2007-3841", "lastModified": "2024-11-21T00:34:12.120", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-17T22:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24904" }, { "source": "cve@mitre.org", "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-6483)
Published
2014-02-06 16:10
Modified
2024-11-21 01:59
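Severity: MEDIUM (CVSS v2 base score 6.4, vector AV:N/AC:L/Au:N/C:N/I:P/A:P, per the NVD primary metric in the record below)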
Summary
The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "1566CF06-79F8-4293-87C4-419C35A85BF0", "versionEndIncluding": "2.10.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a 
denial of service (NULL pointer dereference and application crash) via a crafted reply." }, { "lang": "es", "value": "El plugin del protocolo XMPP en libpurple en Pidgin anterior a 2.10.8 no determina adecuadamente si la direcci\u00f3n origen en una respuesta iq es consistente con la direcci\u00f3n destino en una solicitud iq, lo que permite a atacantes remotos falsificar tr\u00e1fico iq o causar una denegaci\u00f3n de servicio (referencia a un puntero NULL y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una respuesta manipulada." } ], "id": "CVE-2013-6483", "lastModified": "2024-11-21T01:59:19.060", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-06T16:10:58.717", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/93d4bff19574" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=78" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/93d4bff19574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=78" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2012-2369)
Published
2012-05-23 20:55
Modified
2024-11-21 01:38
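Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, per the NVD primary metric in the record below)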
Summary
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
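cypherpunks | pidgin-otr | * (up to and including 3.2.0) | |
pidgin | pidgin | * (second node of the AND configuration; marked "vulnerable": false in the CPE data below) |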
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cypherpunks:pidgin-otr:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5271C42-B1A7-4138-BB67-FC49C088E191", "versionEndIncluding": "3.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "87A0BF9F-F7E9-4196-BEF7-800B4C850990", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message." }, { "lang": "es", "value": "Vulnerabilidad de formato de cadena en la funci\u00f3n log_message_cb en otr-plugin.c en el plugin Off-the-Record Messaging (OTR) en Pidgin para versiones anteriores a v3.2.1, puede permitir a atacantes remotos ejecutar c\u00f3digo arbitrario mediante especificadores de formato de cadena en datos que generan un mensaje de log." 
} ], "id": "CVE-2012-2369", "lastModified": "2024-11-21T01:38:57.943", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-05-23T20:55:01.520", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00003.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2012/05/16/2" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201207-05.xml" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2012/05/16/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201207-05.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2476" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-134" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-06 16:10
Modified
2024-11-21 01:45
Severity: MEDIUM (CVSS v2 base score 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "1566CF06-79F8-4293-87C4-419C35A85BF0", "versionEndIncluding": "2.10.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences." 
}, { "lang": "es", "value": "El plugin del protocolo de Yahoo! en libpurple en Pidgin anterior a 2.10.8 no valida debidamente datos UTF-8, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de secuencias de bytes manipuladas." } ], "id": "CVE-2012-6152", "lastModified": "2024-11-21T01:45:55.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-06T16:10:58.030", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/b0345c25f886" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=70" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/b0345c25f886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=70" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:48
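Severity: HIGH (CVSS v3.0 base score 8.1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H); MEDIUM under CVSS v2 (base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P)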
Summary
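An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. A specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution. Note that the NVD record below classifies the weakness as CWE-125 (out-of-bounds read) and CWE-200 rather than as an out-of-bounds write, so CWE-based filtering may not match this description.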
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * (up to and including 2.10.12) | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution." }, { "lang": "es", "value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria explotable en el manejo del protocolo MXIT en Pidgin. Un mensaje MXIT MultiMX especialmente manipulado enviado a trav\u00e9s del servidor puede resultar en una escritura fuera de l\u00edmites conduciendo a divulgaci\u00f3n de memoria y ejecuci\u00f3n de c\u00f3digo." 
} ], "id": "CVE-2016-2374", "lastModified": "2024-11-21T02:48:19.343", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:00.883", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=107" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0142/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third 
Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0142/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" }, { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-02-24 18:30
Modified
2024-11-21 01:12
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:N/A:P)
Summary
libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * (up to and including 2.6.5) | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "17578F34-80F2-45A8-9C0C-A2CDD7109DA4", "versionEndIncluding": "2.6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing \u003cbr\u003e sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname." }, { "lang": "es", "value": "libpurple en Finch en Pidgin anterior a v2.6.6, cuando se usa un chat XMPP multi-usuario, no valida adecuadamente los alias (nicknames) que contienen la secuencia \u003cbr\u003e, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante el alias." } ], "id": "CVE-2010-0420", "lastModified": "2024-11-21T01:12:10.933", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-02-24T18:30:00.420", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html" }, { "source": "secalert@redhat.com", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=44" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38563" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38640" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38658" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38712" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/38915" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39509" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2038" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:041" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/62439" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/38294" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-902-1" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0413" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/0914" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "source": 
"secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565786" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56399" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11485" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18230" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2010-0115.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=44" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/38915" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39509" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/62439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/38294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-902-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565786" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11485" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2010-0115.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-29 10:55
Modified
2024-11-21 02:08
Severity: MEDIUM (CVSS v2 base score 6.4, AV:N/AC:L/Au:N/C:P/I:P/A:N)
Summary
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
opensuse | opensuse | 12.3 | |
opensuse | opensuse | 13.1 | |
opensuse | opensuse | 13.2 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 14.10 | |
debian | debian_linux | 7.0 | |
pidgin | pidgin | * (up to and including 2.10.9) | |
pidgin | pidgin | 2.10.0 | |
pidgin | pidgin | 2.10.1 | |
pidgin | pidgin | 2.10.2 | |
pidgin | pidgin | 2.10.3 | |
pidgin | pidgin | 2.10.4 | |
pidgin | pidgin | 2.10.5 | |
pidgin | pidgin | 2.10.6 | |
pidgin | pidgin | 2.10.7 | |
pidgin | pidgin | 2.10.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FA30C55-F54F-481A-BD32-778708E475C5", "versionEndIncluding": "2.10.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "390887A5-9CC8-40B7-A7FD-E6D920BFCCF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.8:*:*:*:*:*:*:*", "matchCriteriaId": "2C86FC11-74EB-4881-8C58-844B44A7BD7C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." }, { "lang": "es", "value": "(1) El plugin bundled GnuTLS SSL/TLS y (2) el plugin bundled OpenSSL SSL/TLS en libpurple en Pidgin anterior a 2.10.10 no consideran debidamente la extensi\u00f3n Basic Constraints durante la verificaci\u00f3n de los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado manipulado." 
} ], "id": "CVE-2014-3694", "lastModified": "2024-11-21T02:08:40.127", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-29T10:55:04.307", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking" ], "url": "http://hg.pidgin.im/pidgin/main/rev/2e4475087f04" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=86" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60741" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61968" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3055" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:1854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "http://hg.pidgin.im/pidgin/main/rev/2e4475087f04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=86" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60741" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2390-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1854" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2009-3085)
Published
2009-09-08 18:30
Modified
2024-11-21 01:06
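Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, as given in the NVD record below)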
Summary
The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | libpurple | * | |
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:libpurple:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD5DB51C-9FD1-41CB-AAFD-5F6A072C3F82", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B6B929B-1F85-4584-AA92-5B30BE110D4F", "versionEndIncluding": "2.6.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*", "matchCriteriaId": "5C5B2A50-6734-4B64-AFD0-DB34C3BDA86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:32_bit:*:*:*:*:*:*", "matchCriteriaId": "A7D1DFC7-4B7F-4006-9058-8335A292821E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:32_bit:*:*:*:*:*:*", "matchCriteriaId": "12095F49-8DFD-4C74-9454-5C3A5992A3FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:32_bit:*:*:*:*:*:*", "matchCriteriaId": "C62110B5-61D7-406D-B1A5-65AEC202DDFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:32_bit:*:*:*:*:*:*", "matchCriteriaId": "CD01B8C6-7D3E-4FF9-A5B5-AAF33F4CEBB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:32_bit:*:*:*:*:*:*", "matchCriteriaId": "AD6D98DC-06FC-46E7-A790-98A0B43A4E8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:32_bit:*:*:*:*:*:*", "matchCriteriaId": "3FEE4F73-A426-4B47-8BAF-1C7D2F955850", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:32_bit:*:*:*:*:*:*", "matchCriteriaId": "777EF35C-195A-4784-986D-3811CF1DCF16", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:32_bit:*:*:*:*:*:*", "matchCriteriaId": "F2DD21F1-7A08-4F2D-B8EA-C02771E960FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:32_bit:*:*:*:*:*:*", "matchCriteriaId": "01256F83-6E67-409A-B99A-6E27E83DA05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images." 
}, { "lang": "es", "value": "El plugin para el protocolo XMPP en libpurple en Pidgin anterior a v2.6.2 no maneja adecuadamente un error en la trama IQ (petici\u00f3n de informaci\u00f3n) durante un intento de traer un smiley personalizado, permitiendo a atacantes remotos provocar una denegaci\u00f3n de servicio (fin de la aplicaci\u00f3n) mediante contenido XHTML-IM con imagenes \"cid:\"." } ], "id": "CVE-2009-3085", "lastModified": "2024-11-21T01:06:30.187", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-09-08T18:30:00.407", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36601" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/index.php?id=37" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36277" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/index.php?id=37" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2009-1375)
Published
2009-05-26 15:30
Modified
2024-11-21 01:02
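Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, as given in the NVD record below)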
Summary
The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FC23273-E322-40E0-AD26-2F272EB5E7A1", "versionEndIncluding": "2.5.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*", "matchCriteriaId": "5C5B2A50-6734-4B64-AFD0-DB34C3BDA86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol." }, { "lang": "es", "value": "La implementaci\u00f3n PurpleCircBuffer en Pidgin anteriores a v2.5.6 no mantienen de forma adecuada cierto b\u00fafer, lo que permite a atacantes remotos producir una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de vectores que incluyen los protocolos (1) XMPP o (2) Sametime." 
} ], "id": "CVE-2009-1375", "lastModified": "2024-11-21T01:02:20.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-05-26T15:30:05.250", "references": [ { "source": "secalert@redhat.com", "url": "http://debian.org/security/2009/dsa-1805" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/54649" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35188" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35194" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35202" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35215" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35294" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35329" }, { "source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=31" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35067" }, { "source": 
"secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500491" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50683" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10829" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://debian.org/security/2009/dsa-1805" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/54649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35215" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500491" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50683" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-0274)
Published
2013-02-16 21:55
Modified
2024-11-21 01:47
Severity: LOW (CVSS v2 base score 2.9, vector AV:A/AC:M/Au:N/C:N/I:N/A:P, as given in the NVD record below)
Summary
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B94ED22-0FD0-4A51-887F-8A100C750567", "versionEndIncluding": "2.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network." }, { "lang": "es", "value": "upnp.c en libpurple en Pidgin anterior a v2.10.7 no termina correctamente string de gran longitud en respuestas UPnP, permitiendo a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante el acceso a un red local." 
} ], "id": "CVE-2013-0274", "lastModified": "2024-11-21T01:47:12.600", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 5.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-16T21:55:02.280", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=68" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=68" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18221" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-16 21:55
Modified
2024-11-21 01:47
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:P/A:N; NVD primary assessment)
Summary
The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B94ED22-0FD0-4A51-887F-8A100C750567", "versionEndIncluding": "2.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname." 
}, { "lang": "es", "value": "El plugin de protocolo MXit en libpurple en Pidgin anterior a v2.10.7 puede permitir a atacantes remotos sobreescribir ficheros mediante una ruta (1) mxit o (2) mxit/imagestrips" } ], "id": "CVE-2013-0271", "lastModified": "2024-11-21T01:47:12.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-16T21:55:02.093", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/a8aef1d340f2" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=65" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/a8aef1d340f2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=65" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18386" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-08-29 17:55
Modified
2024-11-21 01:29
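Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:N/A:P; NVD primary assessment, user interaction required)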
Summary
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | libpurple | 2.8.0 | |
pidgin | libpurple | 2.9.0 | |
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.4 | |
pidgin | pidgin | 2.6.5 | |
pidgin | pidgin | 2.6.6 | |
pidgin | pidgin | 2.7.0 | |
pidgin | pidgin | 2.7.1 | |
pidgin | pidgin | 2.7.2 | |
pidgin | pidgin | 2.7.3 | |
pidgin | pidgin | 2.7.4 | |
pidgin | pidgin | 2.7.5 | |
pidgin | pidgin | 2.7.6 | |
pidgin | pidgin | 2.7.7 | |
pidgin | pidgin | 2.7.8 | |
pidgin | pidgin | 2.7.9 | |
pidgin | pidgin | 2.7.10 | |
pidgin | pidgin | 2.7.11 | |
pidgin | pidgin | 2.8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:libpurple:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A07707B-7497-46B0-AD82-6220D465CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6BF6251-A20F-4C9A-A484-5D3F0B0C7A0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6DA23D4-257B-4694-B111-A2F0D4F94C73", "versionEndIncluding": "2.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", 
"matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response." }, { "lang": "es", "value": "La funci\u00f3n irc_msg_who en msgs.c en el plugin del protocolo IRC en libpurple v2.8.0 hasta v2.9.0 en Pidgin anterior a v2.10.0 no valida adecuadamente caracteres en nombres de usuario, lo que permite a atacantes remotos asistidos por el usuario provocar una denegaci\u00f3n de servicio (desreferenciar un puntero NULL y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s del nombre de usuario que no se maneja adecuadamente en una respuesta WHO." 
} ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\u0027CWE-476: NULL Pointer Dereference\u0027", "id": "CVE-2011-2943", "lastModified": "2024-11-21T01:29:19.757", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-08-29T17:55:00.957", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=53" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45663" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/45916" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1025961" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/20/2" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/2" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/49268" }, { "source": "secalert@redhat.com", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=722939" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69340" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=53" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/45916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/08/20/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69340" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005" } ], "sourceIdentifier": "secalert@redhat.com", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-15 10:55
Modified
2024-11-21 01:36
Severity ?
Summary
The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.3 | |
pidgin | pidgin | 2.6.4 | |
pidgin | pidgin | 2.6.5 | |
pidgin | pidgin | 2.6.6 | |
pidgin | pidgin | 2.7.1 | |
pidgin | pidgin | 2.7.2 | |
pidgin | pidgin | 2.7.3 | |
pidgin | pidgin | 2.7.4 | |
pidgin | pidgin | 2.7.5 | |
pidgin | pidgin | 2.7.6 | |
pidgin | pidgin | 2.7.7 | |
pidgin | pidgin | 2.7.8 | |
pidgin | pidgin | 2.7.9 | |
pidgin | pidgin | 2.7.10 | |
pidgin | pidgin | 2.7.11 | |
pidgin | pidgin | 2.8.0 | |
pidgin | pidgin | 2.9.0 | |
pidgin | pidgin | 2.10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "83433A7F-CF88-41BD-90EF-7EE00567D38D", "versionEndIncluding": "2.10.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding." }, { "lang": "es", "value": "La funci\u00f3n msn_oim_report_to_user de oim.c en el plugin del protocolo MSN en libpurple en Pidgin antes de v2.10.2 permite a los servidores remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un mensaje OIM que carece de codificaci\u00f3n UTF-8." 
} ], "id": "CVE-2012-1178", "lastModified": "2024-11-21T01:36:36.127", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-15T10:55:01.417", "references": [ { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/ticket/14884" }, { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/viewmtn/revision/diff/60f8379d0a610538cf42e0dd9ab1436c8b9308cd/with/3053d6a37cc6d8774aba7607b992a4408216adcd/libpurple/protocols/msn/oim.c" }, { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/viewmtn/revision/info/3053d6a37cc6d8774aba7607b992a4408216adcd" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=61" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1102.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50005" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:029" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52475" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/ticket/14884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://developer.pidgin.im/viewmtn/revision/diff/60f8379d0a610538cf42e0dd9ab1436c8b9308cd/with/3053d6a37cc6d8774aba7607b992a4408216adcd/libpurple/protocols/msn/oim.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/viewmtn/revision/info/3053d6a37cc6d8774aba7607b992a4408216adcd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=61" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1102.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18019" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-06 16:10
Modified
2024-11-21 01:59
Severity ?
Summary
Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "1566CF06-79F8-4293-87C4-419C35A85BF0", "versionEndIncluding": "2.10.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message." 
}, { "lang": "es", "value": "M\u00faltiples errores de signo de enteros en libpurple en Pidgin anterior a 2.10.8 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un valor timestamp manipulado en un mensaje XMPP." } ], "id": "CVE-2013-6477", "lastModified": "2024-11-21T01:59:18.317", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-06T16:10:58.500", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://hg.pidgin.im/pidgin/main/rev/852014ae74a0" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "secalert@redhat.com", "url": "http://pidgin.im/news/security/?id=71" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://hg.pidgin.im/pidgin/main/rev/852014ae74a0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pidgin.im/news/security/?id=71" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-16 21:55
Modified
2024-11-21 01:47
Severity ?
Summary
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B94ED22-0FD0-4A51-887F-8A100C750567", "versionEndIncluding": "2.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet." 
}, { "lang": "es", "value": "sametime.c en el plugin de protocolo Sametime en libpurple en Pidgin anterior a v2.10.7 no termina correctamente IDs de usuario de gran longitud, permitiendo a servidores remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante un paquete manipulado." } ], "id": "CVE-2013-0273", "lastModified": "2024-11-21T01:47:12.477", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-16T21:55:02.233", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/c31cf8de31cd" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=67" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18340" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/c31cf8de31cd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=67" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1746-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18340" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:48
Severity ?
Summary
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability." }, { "lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a trav\u00e9s del servidor podr\u00edan resultar potencialmente en una lectura fuera de l\u00edmites. Un servidor o usuario malicioso puede enviar un mood inv\u00e1lido para desencadenar esta vulnerabilidad." 
} ], "id": "CVE-2016-2373", "lastModified": "2024-11-21T02:48:19.223", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:00.837", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=106" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0141/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0141/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-08 21:00
Modified
2024-11-21 01:18
Summary
The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jianping_yu | pidgin-knotify | * | |
jianping_yu | pidgin-knotify | 0.1 | |
jianping_yu | pidgin-knotify | 0.1.2 | |
jianping_yu | pidgin-knotify | 0.2.0 | |
pidgin | pidgin | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jianping_yu:pidgin-knotify:*:*:*:*:*:*:*:*", "matchCriteriaId": "C011D989-CC81-4D18-81CE-0D76A7267251", "versionEndIncluding": "0.2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:jianping_yu:pidgin-knotify:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C0D89DE-348B-428C-81A4-773179714686", "vulnerable": true }, { "criteria": "cpe:2.3:a:jianping_yu:pidgin-knotify:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "6B27488F-5734-4CE6-BCE5-8ECA19EBE3DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:jianping_yu:pidgin-knotify:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "58D594D3-2AC1-4D70-8FD0-D804F372968D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "87A0BF9F-F7E9-4196-BEF7-800B4C850990", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message." }, { "lang": "es", "value": "La funci\u00f3n notify en pidgin-knotify.c en el plugin pidgin-knotify v0.2.1 y anteriores para Pidgin permite a atacantes remotos ejecutar comandos arbitrarios usando metacaracteres de shell en un mensaje." 
} ], "id": "CVE-2010-3088", "lastModified": "2024-11-21T01:18:00.383", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-10-08T21:00:02.237", "references": [ { "source": "secalert@redhat.com", "url": "http://code.google.com/p/pidgin-knotify/issues/detail?id=1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/09/12/1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/09/13/4" }, { "source": "secalert@redhat.com", "url": "https://bugs.gentoo.org/show_bug.cgi?id=336916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.google.com/p/pidgin-knotify/issues/detail?id=1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/09/12/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/09/13/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=336916" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-05-26 15:30
Modified
2024-11-21 01:02
Summary
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FC23273-E322-40E0-AD26-2F272EB5E7A1", "versionEndIncluding": "2.5.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*", "matchCriteriaId": "5C5B2A50-6734-4B64-AFD0-DB34C3BDA86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en la funci\u00f3n decrypt_out en Pidgin anteriores a v2.5.6 permite a atacantes remotos producir una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n)a trav\u00e9s de un paquete QQ." 
} ], "id": "CVE-2009-1374", "lastModified": "2024-11-21T01:02:19.880", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-05-26T15:30:05.233", "references": [ { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35188" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35194" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35202" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35294" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35329" }, { "source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=30" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35067" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "source": "secalert@redhat.com", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=500490" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50684" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11654" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18201" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=30" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://www.securityfocus.com/bid/35067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-781-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500490" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18201" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-07-03 19:55
Modified
2024-11-21 01:38
Summary
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.4 | |
pidgin | pidgin | 2.6.5 | |
pidgin | pidgin | 2.6.6 | |
pidgin | pidgin | 2.7.0 | |
pidgin | pidgin | 2.7.1 | |
pidgin | pidgin | 2.7.2 | |
pidgin | pidgin | 2.7.3 | |
pidgin | pidgin | 2.7.4 | |
pidgin | pidgin | 2.7.5 | |
pidgin | pidgin | 2.7.6 | |
pidgin | pidgin | 2.7.7 | |
pidgin | pidgin | 2.7.8 | |
pidgin | pidgin | 2.7.9 | |
pidgin | pidgin | 2.7.10 | |
pidgin | pidgin | 2.7.11 | |
pidgin | pidgin | 2.8.0 | |
pidgin | pidgin | 2.9.0 | |
pidgin | pidgin | 2.10.0 | |
pidgin | pidgin | 2.10.1 | |
pidgin | pidgin | 2.10.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BF9AC45-80BB-47A7-9C1A-D20EBEAD9509", "versionEndIncluding": "2.10.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message." }, { "lang": "es", "value": "msg.c en el plugin del protocolo MSN en libpurple en Pidgin antes de v2.10.4 no trata correctamente los caracteres manipulados, lo que permite a servidores remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante la colocaci\u00f3n de estos caracteres en un mensaje de texto plano (text/plain)." 
} ], "id": "CVE-2012-2318", "lastModified": "2024-11-21T01:38:52.797", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-07-03T19:55:03.020", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://hg.pidgin.im/pidgin/main/rev/4d6bcb4f4ea4" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=63" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1102.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50005" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:082" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/53400" }, { "source": "secalert@redhat.com", "url": "https://hermes.opensuse.org/messages/15136503" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17448" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://hg.pidgin.im/pidgin/main/rev/4d6bcb4f4ea4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=63" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1102.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/15136503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17448" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2024-11-21 02:51
Summary
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF", "versionEndIncluding": "2.10.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability." }, { "lang": "es", "value": "Existe un salto de directorio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados desde el servidor podr\u00edan resultar potencialmente en una sobreescritura de archivos. Un servidor malicioso o alguien con acceso al tr\u00e1fico de red puede proveer un nombre de archivo inv\u00e1lido para una imagen gr\u00e1fica que desencadena la vulnerabilidad." 
} ], "id": "CVE-2016-4323", "lastModified": "2024-11-21T02:51:51.880", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:01.523", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=97" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/91335" }, { "source": "cret@cert.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0128/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3620" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=97" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/91335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0128/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3031-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-38" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-06 17:00
Modified
2024-11-21 01:59
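Severity: HIGH (CVSS v2 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C; NVD primary metric from the CVE-2013-6490 record below, which carries no CVSS v3 score)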
Summary
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "1566CF06-79F8-4293-87C4-419C35A85BF0", "versionEndIncluding": "2.10.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow." 
}, { "lang": "es", "value": "La funcionalidad del protocolo SIMPLE en Pidgin anterior a 2.10.8 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de una cabecera Content-Length negativo, lo que provoca un desbordamiento de buffer." } ], "id": "CVE-2013-6490", "lastModified": "2024-11-21T01:59:19.793", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-06T17:00:06.087", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/6bd2dd10e5da" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=84" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/65195" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/6bd2dd10e5da" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=84" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/65195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-03-14 19:55
Modified
2024-11-21 01:25
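Severity: MEDIUM (CVSS v2 base score 4.0, vector AV:N/AC:L/Au:S/C:N/I:N/A:P; NVD primary metric from the CVE-2011-1091 record below, which carries no CVSS v3 score)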
Summary
libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.4 | |
pidgin | pidgin | 2.6.5 | |
pidgin | pidgin | 2.6.6 | |
pidgin | pidgin | 2.7.0 | |
pidgin | pidgin | 2.7.1 | |
pidgin | pidgin | 2.7.2 | |
pidgin | pidgin | 2.7.3 | |
pidgin | pidgin | 2.7.4 | |
pidgin | pidgin | 2.7.5 | |
pidgin | pidgin | 2.7.6 | |
pidgin | pidgin | 2.7.7 | |
pidgin | pidgin | 2.7.8 | |
pidgin | pidgin | 2.7.9 | |
pidgin | pidgin | 2.7.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message." }, { "lang": "es", "value": "libymsg.c en Yahoo! en el plugin del protocolo en libpurple en Pidgin v2.6.0 hasta v2.7.10 permite (1) a usuarios autenticados de forma remota provocar una denegaci\u00f3n de servicio (resoluci\u00f3n de puntero NULL y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de notificaciones de paquetes YMSG mal formados, y permite (2) servidores remotos de Yahoo! provocar una denegaci\u00f3n de servicio (resoluci\u00f3n de puntero NULL y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de mensajes YMSG SMS mal formados." 
} ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html \r\n\u0027CWE-476: NULL Pointer Dereference\u0027", "id": "CVE-2011-1091", "lastModified": "2024-11-21T01:25:30.217", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-03-14T19:55:02.620", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43695" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/43721" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/46376" }, { "source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.466884" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www.pidgin.im/news/security/?id=51" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-0616.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/46837" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0643" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0661" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0669" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0703" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683031" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66055" }, { "source": "secalert@redhat.com", "url": "https://hermes.opensuse.org/messages/13195955" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/43695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43721" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46376" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.466884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=51" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-0616.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0643" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0661" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0669" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/13195955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-07-01 22:41
Modified
2024-11-21 00:48
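Severity: MEDIUM (CVSS v2 base score 6.4, vector AV:N/AC:L/Au:N/C:N/I:P/A:P; NVD primary metric from the CVE-2008-2957 record below, which carries no CVSS v3 score)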
Summary
The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL." }, { "lang": "es", "value": "La funcionalidad UPnP en Pidgin 2.0.0 y probablemente otras versiones, permite a atacantes remotos provocar la descarga de ficheros de su elecci\u00f3n y causar una denegaci\u00f3n de servicio (consumo de memoria o disco) a trav\u00e9s de un paquete UDP que especifica una URL de su elecci\u00f3n." } ], "id": "CVE-2008-2957", "lastModified": "2024-11-21T00:48:06.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-07-01T22:41:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://crisp.cs.du.edu/?q=ca2007-1" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32859" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33102" }, { "source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm" }, { "source": "secalert@redhat.com", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:025" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/06/27/3" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-1023.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/29985" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17599" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://crisp.cs.du.edu/?q=ca2007-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/06/27/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-1023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-675-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9076" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-06 16:10
Modified
2024-11-21 01:59
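Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P; NVD primary metric from the CVE-2013-6484 record below, which carries no CVSS v3 score)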
Summary
The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "1566CF06-79F8-4293-87C4-419C35A85BF0", "versionEndIncluding": "2.10.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A730DE04-9886-4920-A210-6C41CD77E330", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7F491-499A-4E1B-B5DB-FC1186DD6672", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEE2341-00C0-48D7-867F-DF18D4BBEE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "450890EF-3950-4603-8402-BBD539D6CF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF30FFB0-19E7-4385-A752-BEAD0A085CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "C00098D5-9696-499A-8048-31FD4021CB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error." 
}, { "lang": "es", "value": "La implementaci\u00f3n del protocolo STUN en libpurple en Pidgin anterior a 2.10.8 permite a servidores STUN remotos causar una denegaci\u00f3n de servicio (una operaci\u00f3n de escritura fuera de rango y ca\u00edda de la aplicaci\u00f3n) mediante un error de lectura del socket." } ], "id": "CVE-2013-6484", "lastModified": "2024-11-21T01:59:19.183", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-06T16:10:58.780", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.pidgin.im/pidgin/main/rev/932b985540e9" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=79" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.pidgin.im/pidgin/main/rev/932b985540e9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=79" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2100-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-09 18:30
Modified
2024-11-21 01:11
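Severity: HIGH (CVSS v3.1 base score 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N); MEDIUM under CVSS v2 (base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N), both scored by nvd@nist.gov in the record below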
Summary
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
adium | adium | 1.3.8 | |
pidgin | pidgin | 2.6.4 | |
fedoraproject | fedora | 11 | |
fedoraproject | fedora | 12 | |
opensuse | opensuse | * (11.0 through 11.2, inclusive) | |
suse | linux_enterprise | 11.0 | |
suse | linux_enterprise_server | 10 (sp2) | |
suse | linux_enterprise_server | 10 (sp3) | |
redhat | enterprise_linux | 4.0 | |
redhat | enterprise_linux | 5.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adium:adium:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "9BDD1A05-8C38-4787-ACF3-414D625F748F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B9D5815-B269-4E63-8F37-E064B49EBF71", "versionEndIncluding": "11.2", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*", "matchCriteriaId": "1608E282-2E96-4447-848D-DBE915DB0EF9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:-:*:*:*", "matchCriteriaId": "105187A7-2AFE-46F9-B0A9-F09C7E10BFBD", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*", "matchCriteriaId": "79A35457-EAA3-4BF9-A4DA-B2E414A75A02", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6172AF57-B26D-45F8-BE3A-F75ABDF28F49", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in 
Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en slp.c en el complemento del protocolo MSN en libpurple en Pidgin v2.6.4 y Adium v1.3.8 permite a atacantes remotos leer ficheros de su elecci\u00f3n a trav\u00e9s de un .. (punto punto) en una petici\u00f3n emoticono MSN application/x-msnmsgrp2p (tambi\u00e9n conocido como emoticono personalizado), un caso relaciona con CVE-2004-0122. Se podr\u00eda decir que es el resultado de una vulnerabilidad en \u00f1a que un emoticono descarga peticiones es procesado incluso sin un mensaje que preceda text/x-mms-emoticon que anunci\u00f3 la disponibilidad del emoticono." 
} ], "id": "CVE-2010-0013", "lastModified": "2024-11-21T01:11:19.687", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2010-01-09T18:30:01.697", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c" }, { "source": "secalert@redhat.com", "tags": [ "Product" ], "url": 
"http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/37953" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/37954" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/37961" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38915" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/02/1" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/07/1" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/07/2" }, { "source": "secalert@redhat.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3662" }, { "source": 
"secalert@redhat.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3663" }, { "source": "secalert@redhat.com", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552483" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/37953" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/37954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/37961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38915" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/02/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/07/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/07/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" 
], "url": "http://www.vupen.com/english/advisories/2009/3663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552483" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-28 00:00
Modified
2024-11-21 01:19
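Severity: MEDIUM (CVSS v2 base score 4.0, AV:N/AC:L/Au:S/C:N/I:N/A:P, scored by nvd@nist.gov; the record below carries no CVSS v3 score)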
Summary
libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pidgin | pidgin | * (all versions up to and including 2.7.3) | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 | |
pidgin | pidgin | 2.6.2 | |
pidgin | pidgin | 2.6.4 | |
pidgin | pidgin | 2.6.5 | |
pidgin | pidgin | 2.6.6 | |
pidgin | pidgin | 2.7.0 | |
pidgin | pidgin | 2.7.1 | |
pidgin | pidgin | 2.7.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3764411A-584D-4865-9D09-5E174C542914", "versionEndIncluding": "2.7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support." }, { "lang": "es", "value": "libpurple en Pidgin anterior a v2.7.4 no valida correctamente el valor de retorno de la funci\u00f3n purple_base64_decode, lo cual permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (desreferencia de puntero nulo y cuelgue de la aplicaci\u00f3n) a trav\u00e9s de un mensaje hecho a mano, relacionado con los plugins para el MSN, MySpaceIM, XMPP y Yahoo y con el soporte de autenticaci\u00f3n NTLM." 
} ], "id": "CVE-2010-3711", "lastModified": "2024-11-21T01:19:26.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-28T00:00:03.673", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050227.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050695.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050133.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=48" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41893" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41899" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/42075" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/42294" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1024623" }, { "source": "secalert@redhat.com", "url": 
"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462352" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:208" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/68773" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0788.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0890.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/44283" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1014-1" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2753" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2754" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2755" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/2847" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/2851" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/2870" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=641921" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62708" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050227.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050695.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050133.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pidgin.im/news/security/?id=48" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1024623" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462352" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/68773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0788.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0890.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/44283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1014-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", 
"Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2754" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/2847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/2851" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/2870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=641921" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18506" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-11-04 21:55
Modified
2024-11-21 01:30
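Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:N/A:P, as given in the NVD record below)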
Summary
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:libpurple:*:*:*:*:*:*:*:*", "matchCriteriaId": "E39F2309-88A3-465B-8B00-2AF4F7E5341D", "versionEndIncluding": "2.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "694E9267-6C77-485A-A387-620C894D0A19", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "38121333-EDB4-49D1-8C78-7AC81A5F1694", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "07CF32F1-D3F8-40EF-B82A-24B003196BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8338C31B-AB47-43F3-BA66-E28D42CA11CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "91B46C01-4E42-4574-90C6-9BD48FE5E4C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B650359B-C109-40C1-A202-6D52A47FDC6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "53DD7C31-A4D9-47E0-9B09-821B5922AA0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C90C816-1692-4FDB-AAFA-EB0C0DB34BB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "32C48C29-7D4A-4AA8-8C2C-02A73B659DFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7ED29C88-6ABD-46F2-AD25-BD82A6FD788A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "59FAAAF5-BED0-4AAC-AD65-7760688AE8FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D54940E-FC08-45DD-9F38-B5AAA13E0AA6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:pidgin:libpurple:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "08A6A399-2600-4266-A1E5-3230C70777D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E538500B-727D-4BA1-8D03-D3E8D68C64A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "C3569E38-E238-4F4F-839B-645FA24C75AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "9123A9DA-9582-42AB-B6AA-B4B7A88C9462", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "95271D73-B2C5-4BA5-B99B-A742B89F03F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5F648DF2-78D0-4462-BD90-5575A2D43858", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "A0C48CD0-8AE6-490E-9D8E-9EE440FA200D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "60D86CF3-4525-4C64-BF96-73D0B8ABD0BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "61FF2826-D6DF-4F79-9730-B6C30510D4A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E7E4244-968E-451C-8B65-89F5AE90743C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "3A2B1EE0-7B98-4F65-837E-1E21DA05FCCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "082B4A01-46EF-49D1-AEC2-E85C44B5EC82", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "8C8E11B4-4213-4CBB-AE3E-6DFE060BBF81", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E8CE5BE-03B4-4556-8ADE-6E645AD211F9", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "78BDC1AE-C390-42D5-A0EF-80A59C350F5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E95A0047-BB16-4349-9DF1-76785E14DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "C610601F-0E26-4D8B-916B-0D26F15C875A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "00D8C461-E1A7-45B1-8C93-C67AA89FE5AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A948803-6E2C-468B-8B48-30ABBE58A87A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "68F91086-15BD-4E7C-995F-99B7894C1BE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "06547B5C-62AA-47EB-825B-CD2CF5FEE285", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F31DD21-BDA2-4860-A801-F88F4B3A46E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "70DDABE1-FA78-4A04-B6CC-923061168916", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "36B72FCA-745A-42D8-8BDD-BD2503AAFE4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "ADF3C837-FAF9-4F1E-9659-1DF1C2A4E192", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "81531C20-5115-470A-830E-53FFC3F25AF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "4CFA8CD4-6108-4B3D-AE8D-482C693F26A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"44E0283D-9A97-4C4C-A11A-BD102D60CCB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "56E61E91-D2B9-46CE-A8E9-F17F7CF4B66F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "A476037A-712E-41AA-A2CA-D1C5624B1D51", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "64F8BB6C-CB59-490C-AA87-56E17ABC2AEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "85B34BE2-3207-4085-AEE4-134B4687D26B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A07707B-7497-46B0-AD82-6220D465CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:libpurple:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6BF6251-A20F-4C9A-A484-5D3F0B0C7A0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "87A0BF9F-F7E9-4196-BEF7-800B4C850990", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2." 
}, { "lang": "es", "value": "La funci\u00f3n g_markup_escape_text en el complemento de protocolo SILC en libpurple v2.10.0 y anteriores, como se usa en Pidgin y posiblemente en otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de secuencias UTF-8 inv\u00e1lidas que disparan el uso de punteros no v\u00e1lidos y lectura fuera de los l\u00edmites, relacionado con interacciones con ciertas versiones de glib2" } ], "id": "CVE-2011-3594", "lastModified": "2024-11-21T01:30:48.927", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-11-04T21:55:07.083", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://developer.pidgin.im/ticket/14636" }, { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8" }, { "source": "secalert@redhat.com", "url": "http://pidgin.im/news/security/?id=56" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46376" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481" }, { "source": 
"secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://developer.pidgin.im/ticket/14636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pidgin.im/news/security/?id=56" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46376" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-10-20 17:30
Modified
2024-11-21 01:07
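Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, as given in the NVD record below)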
Summary
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
adium | adium | * | |
adium | adium | 1.0 | |
adium | adium | 1.0.1 | |
adium | adium | 1.0.2 | |
adium | adium | 1.0.3 | |
adium | adium | 1.0.4 | |
adium | adium | 1.0.5 | |
adium | adium | 1.1 | |
adium | adium | 1.1.1 | |
adium | adium | 1.1.2 | |
adium | adium | 1.1.3 | |
adium | adium | 1.1.4 | |
adium | adium | 1.2.7 | |
adium | adium | 1.3 | |
adium | adium | 1.3.1 | |
adium | adium | 1.3.2 | |
adium | adium | 1.3.3 | |
adium | adium | 1.3.4 | |
adium | adium | 1.3.5 | |
pidgin | pidgin | * | |
pidgin | pidgin | 2.0.0 | |
pidgin | pidgin | 2.0.1 | |
pidgin | pidgin | 2.0.2 | |
pidgin | pidgin | 2.1.0 | |
pidgin | pidgin | 2.1.1 | |
pidgin | pidgin | 2.2.0 | |
pidgin | pidgin | 2.2.1 | |
pidgin | pidgin | 2.2.2 | |
pidgin | pidgin | 2.3.0 | |
pidgin | pidgin | 2.3.1 | |
pidgin | pidgin | 2.4.0 | |
pidgin | pidgin | 2.4.1 | |
pidgin | pidgin | 2.4.2 | |
pidgin | pidgin | 2.4.3 | |
pidgin | pidgin | 2.5.0 | |
pidgin | pidgin | 2.5.1 | |
pidgin | pidgin | 2.5.2 | |
pidgin | pidgin | 2.5.3 | |
pidgin | pidgin | 2.5.4 | |
pidgin | pidgin | 2.5.5 | |
pidgin | pidgin | 2.5.6 | |
pidgin | pidgin | 2.5.7 | |
pidgin | pidgin | 2.5.8 | |
pidgin | pidgin | 2.5.9 | |
pidgin | pidgin | 2.6.0 | |
pidgin | pidgin | 2.6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adium:adium:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB1F576D-5609-4C06-BF75-53D7744E26A5", "versionEndIncluding": "1.3.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D44D7E-116F-488C-8566-F7EA78C847FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E8857D0-14C2-49F6-AE8F-287792895776", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56022448-6CEE-4DE9-BC5D-F3F401470257", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B9D4A6BA-AB30-4EFA-BF5E-9212CBF6B141", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B33448B4-31F3-434F-96D4-934D65BF65FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "ED8C3F99-1E0C-4FDB-8E76-46CF6CBBA7B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7B851E0-5D86-4D7F-A1AD-903ADA6A2C52", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6B6DEA45-1C3C-432E-9746-F1C548C8E8AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EEE2A0AA-BD45-4A8B-BB3C-D69BFDC7E363", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2D6A1C31-EA56-406F-AE65-10F838E4292B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "7223E59A-FA39-4D8A-A48D-1ACCF0454703", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "45233B3A-A3A1-45C0-A9F4-548B076742F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"A6B5D964-9F9C-4EE0-AF9F-4FE64935D8AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5FAFC986-0E07-48D7-9B67-66B65CAA9AE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EFA83F88-808F-4D8B-A33D-16994C9074A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3779F8B3-15A9-4FBC-9176-B9B3CAB39DE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D2A75801-F3AD-49E5-B981-6158E9B8F598", "vulnerable": true }, { "criteria": "cpe:2.3:a:adium:adium:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "D99412CA-98D5-46A9-84FE-0FA1D2FD841F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDDF8BD7-6D64-4894-8CA2-D6953E6833A2", "versionEndIncluding": "2.6.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client." }, { "lang": "es", "value": "El conponente OSCAR protocol en libpurple en Pidgin v2.6.3 y Adium anterior v1.3.7, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de datos de una lista de contactos manipulada para (1) ICQ y probablemete (2) AIM, como se ha demostrado con el cliente SIM IM." 
} ], "id": "CVE-2009-3615", "lastModified": "2024-11-21T01:07:48.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-10-20T17:30:00.983", "references": [ { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/ticket/10481" }, { "source": "secalert@redhat.com", "url": "http://developer.pidgin.im/viewmtn/revision/info/781682333aea0c801d280c3507ee25552a60bfc0" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37017" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37072" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=41" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/36719" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2949" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2951" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "source": "secalert@redhat.com", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/53807" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18388" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/ticket/10481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/viewmtn/revision/info/781682333aea0c801d280c3507ee25552a60bfc0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://developer.pidgin.im/wiki/ChangeLog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pidgin.im/news/security/?id=41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36719" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2951" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53807" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9414" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-01 20:17
Modified
2024-11-21 00:36
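Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:N/A:P, as given in the NVD record below)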
Summary
libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver\u0027s buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of \"an invalid memory location.\"" }, { "lang": "es", "value": "libpurple de Pidgin versiones anteriores a 2.2.1 no gestiona apropiadamente los mensajes personalizados de usuarios que no est\u00e1n en la lista de amigos del receptor, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un mensaje personalizado que dispara un acceso de \"ubicaci\u00f3n inv\u00e1lida de memoria\"." } ], "id": "CVE-2007-4996", "lastModified": "2024-11-21T00:36:54.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-01T20:17:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://fedoranews.org/updates/FEDORA-2007-236.shtml" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/27010" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27088" }, { "source": 
"secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.pidgin.im/news/security/?id=23" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/481402/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/25872" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/3321" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36884" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fedoranews.org/updates/FEDORA-2007-236.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/27010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.pidgin.im/news/security/?id=23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481402/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18261" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Not vulnerable. 
These issues did not affect the versions of Pidgin or Gaim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2007-10-04T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }