Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    14 vulnerabilities found for libpurple by pidgin

    CVE-2011-3594 (GCVE-0-2011-3594)

    Vulnerability from nvd – Published: 2011-11-04 21:00 – Updated: 2024-08-06 23:37
    VLAI
    Summary
    The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:37:48.393Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:18034",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481"
              },
              {
                "name": "MDVSA-2011:183",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183"
              },
              {
                "name": "46376",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46376"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/ticket/14636"
              },
              {
                "name": "RHSA-2011:1371",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://pidgin.im/news/security/?id=56"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:18034",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481"
            },
            {
              "name": "MDVSA-2011:183",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183"
            },
            {
              "name": "46376",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46376"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/ticket/14636"
            },
            {
              "name": "RHSA-2011:1371",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://pidgin.im/news/security/?id=56"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3594",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:18034",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034"
                },
                {
                  "name": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8",
                  "refsource": "MISC",
                  "url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=743481",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481"
                },
                {
                  "name": "MDVSA-2011:183",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183"
                },
                {
                  "name": "46376",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/46376"
                },
                {
                  "name": "http://developer.pidgin.im/ticket/14636",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/ticket/14636"
                },
                {
                  "name": "RHSA-2011:1371",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html"
                },
                {
                  "name": "http://pidgin.im/news/security/?id=56",
                  "refsource": "CONFIRM",
                  "url": "http://pidgin.im/news/security/?id=56"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3594",
        "datePublished": "2011-11-04T21:00:00.000Z",
        "dateReserved": "2011-09-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:37:48.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-2943 (GCVE-0-2011-2943)

    Vulnerability from nvd – Published: 2011-08-29 17:00 – Updated: 2024-08-06 23:15
    VLAI
    Summary
    The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-08-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:15:32.003Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://pidgin.im/news/security/?id=53"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43"
              },
              {
                "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/22/2"
              },
              {
                "name": "45663",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45663"
              },
              {
                "name": "oval:org.mitre.oval:def:18005",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005"
              },
              {
                "name": "pidgin-irc-protocol-dos(69340)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69340"
              },
              {
                "name": "45916",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45916"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722939"
              },
              {
                "name": "49268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/49268"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c"
              },
              {
                "name": "1025961",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1025961"
              },
              {
                "name": "[oss-security] 20110820 CVE request: Pidgin crash",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/20/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://pidgin.im/news/security/?id=53"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43"
            },
            {
              "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/22/2"
            },
            {
              "name": "45663",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45663"
            },
            {
              "name": "oval:org.mitre.oval:def:18005",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005"
            },
            {
              "name": "pidgin-irc-protocol-dos(69340)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69340"
            },
            {
              "name": "45916",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45916"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722939"
            },
            {
              "name": "49268",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/49268"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c"
            },
            {
              "name": "1025961",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1025961"
            },
            {
              "name": "[oss-security] 20110820 CVE request: Pidgin crash",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/20/2"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-2943",
        "datePublished": "2011-08-29T17:00:00.000Z",
        "dateReserved": "2011-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:15:32.003Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-4528 (GCVE-0-2010-4528)

    Vulnerability from nvd – Published: 2011-01-07 11:00 – Updated: 2024-08-07 03:51
    VLAI
    Summary
    directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/show_bug.cgi?id=665421 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2010/12/27/1 mailing-listx_refsource_MLIST
    http://developer.pidgin.im/viewmtn/revision/diff/… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2010/12/31/5 mailing-listx_refsource_MLIST
    http://www.pidgin.im/news/security/?id=49 x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://developer.pidgin.im/viewmtn/revision/info/… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/45581 vdb-entryx_refsource_BID
    http://secunia.com/advisories/42877 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0028 vdb-entryx_refsource_VUPEN
    http://pidgin.im/pipermail/support/2010-December/… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/42732 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0076 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2011/0054 vdb-entryx_refsource_VUPEN
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/42824 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2010-12-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:51:17.019Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=665421"
              },
              {
                "name": "SUSE-SR:2011:001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
              },
              {
                "name": "[oss-security] 20101227 CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/12/27/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c"
              },
              {
                "name": "[oss-security] 20101231 Re: CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/12/31/5"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pidgin.im/news/security/?id=49"
              },
              {
                "name": "MDVSA-2010:259",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:259"
              },
              {
                "name": "oval:org.mitre.oval:def:18461",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18461"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031"
              },
              {
                "name": "45581",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45581"
              },
              {
                "name": "42877",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42877"
              },
              {
                "name": "ADV-2011-0028",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0028"
              },
              {
                "name": "[support] 20101227 Pidgin 2.7.9 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://pidgin.im/pipermail/support/2010-December/009251.html"
              },
              {
                "name": "42732",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42732"
              },
              {
                "name": "ADV-2011-0076",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0076"
              },
              {
                "name": "ADV-2011-0054",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0054"
              },
              {
                "name": "FEDORA-2010-19314",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052862.html"
              },
              {
                "name": "FEDORA-2010-19317",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052905.html"
              },
              {
                "name": "42824",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42824"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-12-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=665421"
            },
            {
              "name": "SUSE-SR:2011:001",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
            },
            {
              "name": "[oss-security] 20101227 CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/12/27/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c"
            },
            {
              "name": "[oss-security] 20101231 Re: CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/12/31/5"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pidgin.im/news/security/?id=49"
            },
            {
              "name": "MDVSA-2010:259",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:259"
            },
            {
              "name": "oval:org.mitre.oval:def:18461",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18461"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031"
            },
            {
              "name": "45581",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45581"
            },
            {
              "name": "42877",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42877"
            },
            {
              "name": "ADV-2011-0028",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0028"
            },
            {
              "name": "[support] 20101227 Pidgin 2.7.9 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://pidgin.im/pipermail/support/2010-December/009251.html"
            },
            {
              "name": "42732",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42732"
            },
            {
              "name": "ADV-2011-0076",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0076"
            },
            {
              "name": "ADV-2011-0054",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0054"
            },
            {
              "name": "FEDORA-2010-19314",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052862.html"
            },
            {
              "name": "FEDORA-2010-19317",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052905.html"
            },
            {
              "name": "42824",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42824"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-4528",
        "datePublished": "2011-01-07T11:00:00.000Z",
        "dateReserved": "2010-12-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:51:17.019Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3085 (GCVE-0-2009-3085)

    Vulnerability from nvd – Published: 2009-09-08 18:00 – Updated: 2024-08-07 06:14
    VLAI
    Summary
    The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/36601 third-party-advisoryx_refsource_SECUNIA
    http://developer.pidgin.im/viewmtn/revision/info/… x_refsource_CONFIRM
    http://www.pidgin.im/news/security/index.php?id=37 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/36277 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2009-09-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:14:56.096Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36601",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36601"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pidgin.im/news/security/index.php?id=37"
              },
              {
                "name": "36277",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36277"
              },
              {
                "name": "oval:org.mitre.oval:def:6434",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434"
              },
              {
                "name": "oval:org.mitre.oval:def:11223",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36601",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36601"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pidgin.im/news/security/index.php?id=37"
            },
            {
              "name": "36277",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36277"
            },
            {
              "name": "oval:org.mitre.oval:def:6434",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434"
            },
            {
              "name": "oval:org.mitre.oval:def:11223",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3085",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36601",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36601"
                },
                {
                  "name": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8"
                },
                {
                  "name": "http://www.pidgin.im/news/security/index.php?id=37",
                  "refsource": "CONFIRM",
                  "url": "http://www.pidgin.im/news/security/index.php?id=37"
                },
                {
                  "name": "36277",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36277"
                },
                {
                  "name": "oval:org.mitre.oval:def:6434",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434"
                },
                {
                  "name": "oval:org.mitre.oval:def:11223",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3085",
        "datePublished": "2009-09-08T18:00:00.000Z",
        "dateReserved": "2009-09-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:14:56.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3084 (GCVE-0-2009-3084)

    Vulnerability from nvd – Published: 2009-09-08 18:00 – Updated: 2024-08-07 06:14
    VLAI
    Summary
    The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-09-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:14:55.740Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36601",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36601"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c"
              },
              {
                "name": "oval:org.mitre.oval:def:6338",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pidgin.im/news/security/index.php?id=38"
              },
              {
                "name": "36277",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36277"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect \"UTF16-LE\" charset name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36601",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36601"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c"
            },
            {
              "name": "oval:org.mitre.oval:def:6338",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pidgin.im/news/security/index.php?id=38"
            },
            {
              "name": "36277",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36277"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3084",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect \"UTF16-LE\" charset name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36601",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36601"
                },
                {
                  "name": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c"
                },
                {
                  "name": "oval:org.mitre.oval:def:6338",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338"
                },
                {
                  "name": "http://www.pidgin.im/news/security/index.php?id=38",
                  "refsource": "CONFIRM",
                  "url": "http://www.pidgin.im/news/security/index.php?id=38"
                },
                {
                  "name": "36277",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36277"
                },
                {
                  "name": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3084",
        "datePublished": "2009-09-08T18:00:00.000Z",
        "dateReserved": "2009-09-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:14:55.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3083 (GCVE-0-2009-3083)

    Vulnerability from nvd – Published: 2009-09-08 18:00 – Updated: 2024-08-07 06:14
    VLAI
    Summary
    The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-09-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:14:55.612Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/ticket/10159"
              },
              {
                "name": "36601",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36601"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pidgin.im/news/security/index.php?id=39"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c"
              },
              {
                "name": "oval:org.mitre.oval:def:11852",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852"
              },
              {
                "name": "36277",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36277"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd"
              },
              {
                "name": "oval:org.mitre.oval:def:6322",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/ticket/10159"
            },
            {
              "name": "36601",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36601"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pidgin.im/news/security/index.php?id=39"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c"
            },
            {
              "name": "oval:org.mitre.oval:def:11852",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852"
            },
            {
              "name": "36277",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36277"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd"
            },
            {
              "name": "oval:org.mitre.oval:def:6322",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3083",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://developer.pidgin.im/ticket/10159",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/ticket/10159"
                },
                {
                  "name": "36601",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36601"
                },
                {
                  "name": "http://www.pidgin.im/news/security/index.php?id=39",
                  "refsource": "CONFIRM",
                  "url": "http://www.pidgin.im/news/security/index.php?id=39"
                },
                {
                  "name": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c"
                },
                {
                  "name": "oval:org.mitre.oval:def:11852",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852"
                },
                {
                  "name": "36277",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36277"
                },
                {
                  "name": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd"
                },
                {
                  "name": "oval:org.mitre.oval:def:6322",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3083",
        "datePublished": "2009-09-08T18:00:00.000Z",
        "dateReserved": "2009-09-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:14:55.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2703 (GCVE-0-2009-2703)

    Vulnerability from nvd – Published: 2009-09-08 18:00 – Updated: 2024-08-07 05:59
    VLAI
    Summary
    libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/36601 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://developer.pidgin.im/viewmtn/revision/info/… x_refsource_CONFIRM
    http://www.pidgin.im/news/security/index.php?id=40 x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/36277 vdb-entryx_refsource_BID
    Date Public
    2009-09-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:59:56.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36601",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36601"
              },
              {
                "name": "oval:org.mitre.oval:def:6435",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pidgin.im/news/security/index.php?id=40"
              },
              {
                "name": "oval:org.mitre.oval:def:11379",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379"
              },
              {
                "name": "36277",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36277"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36601",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36601"
            },
            {
              "name": "oval:org.mitre.oval:def:6435",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pidgin.im/news/security/index.php?id=40"
            },
            {
              "name": "oval:org.mitre.oval:def:11379",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379"
            },
            {
              "name": "36277",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36277"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2703",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36601",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36601"
                },
                {
                  "name": "oval:org.mitre.oval:def:6435",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435"
                },
                {
                  "name": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3"
                },
                {
                  "name": "http://www.pidgin.im/news/security/index.php?id=40",
                  "refsource": "CONFIRM",
                  "url": "http://www.pidgin.im/news/security/index.php?id=40"
                },
                {
                  "name": "oval:org.mitre.oval:def:11379",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379"
                },
                {
                  "name": "36277",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36277"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2703",
        "datePublished": "2009-09-08T18:00:00.000Z",
        "dateReserved": "2009-08-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:59:56.896Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3594 (GCVE-0-2011-3594)

    Vulnerability from cvelistv5 – Published: 2011-11-04 21:00 – Updated: 2024-08-06 23:37
    VLAI
    Summary
    The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:37:48.393Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:18034",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481"
              },
              {
                "name": "MDVSA-2011:183",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183"
              },
              {
                "name": "46376",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46376"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/ticket/14636"
              },
              {
                "name": "RHSA-2011:1371",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://pidgin.im/news/security/?id=56"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:18034",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481"
            },
            {
              "name": "MDVSA-2011:183",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183"
            },
            {
              "name": "46376",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46376"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/ticket/14636"
            },
            {
              "name": "RHSA-2011:1371",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://pidgin.im/news/security/?id=56"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3594",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:18034",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034"
                },
                {
                  "name": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8",
                  "refsource": "MISC",
                  "url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=743481",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481"
                },
                {
                  "name": "MDVSA-2011:183",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183"
                },
                {
                  "name": "46376",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/46376"
                },
                {
                  "name": "http://developer.pidgin.im/ticket/14636",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/ticket/14636"
                },
                {
                  "name": "RHSA-2011:1371",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html"
                },
                {
                  "name": "http://pidgin.im/news/security/?id=56",
                  "refsource": "CONFIRM",
                  "url": "http://pidgin.im/news/security/?id=56"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3594",
        "datePublished": "2011-11-04T21:00:00.000Z",
        "dateReserved": "2011-09-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:37:48.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-2943 (GCVE-0-2011-2943)

    Vulnerability from cvelistv5 – Published: 2011-08-29 17:00 – Updated: 2024-08-06 23:15
    VLAI
    Summary
    The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-08-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:15:32.003Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://pidgin.im/news/security/?id=53"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43"
              },
              {
                "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/22/2"
              },
              {
                "name": "45663",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45663"
              },
              {
                "name": "oval:org.mitre.oval:def:18005",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005"
              },
              {
                "name": "pidgin-irc-protocol-dos(69340)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69340"
              },
              {
                "name": "45916",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45916"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722939"
              },
              {
                "name": "49268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/49268"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c"
              },
              {
                "name": "1025961",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1025961"
              },
              {
                "name": "[oss-security] 20110820 CVE request: Pidgin crash",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/20/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://pidgin.im/news/security/?id=53"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43"
            },
            {
              "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/22/2"
            },
            {
              "name": "45663",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45663"
            },
            {
              "name": "oval:org.mitre.oval:def:18005",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005"
            },
            {
              "name": "pidgin-irc-protocol-dos(69340)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69340"
            },
            {
              "name": "45916",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45916"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722939"
            },
            {
              "name": "49268",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/49268"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c"
            },
            {
              "name": "1025961",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1025961"
            },
            {
              "name": "[oss-security] 20110820 CVE request: Pidgin crash",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/20/2"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-2943",
        "datePublished": "2011-08-29T17:00:00.000Z",
        "dateReserved": "2011-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:15:32.003Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-4528 (GCVE-0-2010-4528)

    Vulnerability from cvelistv5 – Published: 2011-01-07 11:00 – Updated: 2024-08-07 03:51
    VLAI
    Summary
    directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/show_bug.cgi?id=665421 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2010/12/27/1 mailing-listx_refsource_MLIST
    http://developer.pidgin.im/viewmtn/revision/diff/… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2010/12/31/5 mailing-listx_refsource_MLIST
    http://www.pidgin.im/news/security/?id=49 x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://developer.pidgin.im/viewmtn/revision/info/… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/45581 vdb-entryx_refsource_BID
    http://secunia.com/advisories/42877 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0028 vdb-entryx_refsource_VUPEN
    http://pidgin.im/pipermail/support/2010-December/… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/42732 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0076 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2011/0054 vdb-entryx_refsource_VUPEN
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/42824 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2010-12-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:51:17.019Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=665421"
              },
              {
                "name": "SUSE-SR:2011:001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
              },
              {
                "name": "[oss-security] 20101227 CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/12/27/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c"
              },
              {
                "name": "[oss-security] 20101231 Re: CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/12/31/5"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pidgin.im/news/security/?id=49"
              },
              {
                "name": "MDVSA-2010:259",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:259"
              },
              {
                "name": "oval:org.mitre.oval:def:18461",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18461"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031"
              },
              {
                "name": "45581",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45581"
              },
              {
                "name": "42877",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42877"
              },
              {
                "name": "ADV-2011-0028",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0028"
              },
              {
                "name": "[support] 20101227 Pidgin 2.7.9 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://pidgin.im/pipermail/support/2010-December/009251.html"
              },
              {
                "name": "42732",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42732"
              },
              {
                "name": "ADV-2011-0076",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0076"
              },
              {
                "name": "ADV-2011-0054",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0054"
              },
              {
                "name": "FEDORA-2010-19314",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052862.html"
              },
              {
                "name": "FEDORA-2010-19317",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052905.html"
              },
              {
                "name": "42824",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42824"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-12-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=665421"
            },
            {
              "name": "SUSE-SR:2011:001",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
            },
            {
              "name": "[oss-security] 20101227 CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/12/27/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c"
            },
            {
              "name": "[oss-security] 20101231 Re: CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/12/31/5"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pidgin.im/news/security/?id=49"
            },
            {
              "name": "MDVSA-2010:259",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:259"
            },
            {
              "name": "oval:org.mitre.oval:def:18461",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18461"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031"
            },
            {
              "name": "45581",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45581"
            },
            {
              "name": "42877",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42877"
            },
            {
              "name": "ADV-2011-0028",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0028"
            },
            {
              "name": "[support] 20101227 Pidgin 2.7.9 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://pidgin.im/pipermail/support/2010-December/009251.html"
            },
            {
              "name": "42732",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42732"
            },
            {
              "name": "ADV-2011-0076",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0076"
            },
            {
              "name": "ADV-2011-0054",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0054"
            },
            {
              "name": "FEDORA-2010-19314",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052862.html"
            },
            {
              "name": "FEDORA-2010-19317",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052905.html"
            },
            {
              "name": "42824",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42824"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-4528",
        "datePublished": "2011-01-07T11:00:00.000Z",
        "dateReserved": "2010-12-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:51:17.019Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3083 (GCVE-0-2009-3083)

    Vulnerability from cvelistv5 – Published: 2009-09-08 18:00 – Updated: 2024-08-07 06:14
    VLAI
    Summary
    The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-09-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:14:55.612Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/ticket/10159"
              },
              {
                "name": "36601",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36601"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pidgin.im/news/security/index.php?id=39"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c"
              },
              {
                "name": "oval:org.mitre.oval:def:11852",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852"
              },
              {
                "name": "36277",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36277"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd"
              },
              {
                "name": "oval:org.mitre.oval:def:6322",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/ticket/10159"
            },
            {
              "name": "36601",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36601"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pidgin.im/news/security/index.php?id=39"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c"
            },
            {
              "name": "oval:org.mitre.oval:def:11852",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852"
            },
            {
              "name": "36277",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36277"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd"
            },
            {
              "name": "oval:org.mitre.oval:def:6322",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3083",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://developer.pidgin.im/ticket/10159",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/ticket/10159"
                },
                {
                  "name": "36601",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36601"
                },
                {
                  "name": "http://www.pidgin.im/news/security/index.php?id=39",
                  "refsource": "CONFIRM",
                  "url": "http://www.pidgin.im/news/security/index.php?id=39"
                },
                {
                  "name": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c"
                },
                {
                  "name": "oval:org.mitre.oval:def:11852",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852"
                },
                {
                  "name": "36277",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36277"
                },
                {
                  "name": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd"
                },
                {
                  "name": "oval:org.mitre.oval:def:6322",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3083",
        "datePublished": "2009-09-08T18:00:00.000Z",
        "dateReserved": "2009-09-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:14:55.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2703 (GCVE-0-2009-2703)

    Vulnerability from cvelistv5 – Published: 2009-09-08 18:00 – Updated: 2024-08-07 05:59
    VLAI
    Summary
    libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/36601 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://developer.pidgin.im/viewmtn/revision/info/… x_refsource_CONFIRM
    http://www.pidgin.im/news/security/index.php?id=40 x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/36277 vdb-entryx_refsource_BID
    Date Public
    2009-09-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:59:56.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36601",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36601"
              },
              {
                "name": "oval:org.mitre.oval:def:6435",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pidgin.im/news/security/index.php?id=40"
              },
              {
                "name": "oval:org.mitre.oval:def:11379",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379"
              },
              {
                "name": "36277",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36277"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36601",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36601"
            },
            {
              "name": "oval:org.mitre.oval:def:6435",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pidgin.im/news/security/index.php?id=40"
            },
            {
              "name": "oval:org.mitre.oval:def:11379",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379"
            },
            {
              "name": "36277",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36277"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2703",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36601",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36601"
                },
                {
                  "name": "oval:org.mitre.oval:def:6435",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435"
                },
                {
                  "name": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3"
                },
                {
                  "name": "http://www.pidgin.im/news/security/index.php?id=40",
                  "refsource": "CONFIRM",
                  "url": "http://www.pidgin.im/news/security/index.php?id=40"
                },
                {
                  "name": "oval:org.mitre.oval:def:11379",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379"
                },
                {
                  "name": "36277",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36277"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2703",
        "datePublished": "2009-09-08T18:00:00.000Z",
        "dateReserved": "2009-08-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:59:56.896Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3085 (GCVE-0-2009-3085)

    Vulnerability from cvelistv5 – Published: 2009-09-08 18:00 – Updated: 2024-08-07 06:14
    VLAI
    Summary
    The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/36601 third-party-advisoryx_refsource_SECUNIA
    http://developer.pidgin.im/viewmtn/revision/info/… x_refsource_CONFIRM
    http://www.pidgin.im/news/security/index.php?id=37 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/36277 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2009-09-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:14:56.096Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36601",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36601"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pidgin.im/news/security/index.php?id=37"
              },
              {
                "name": "36277",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36277"
              },
              {
                "name": "oval:org.mitre.oval:def:6434",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434"
              },
              {
                "name": "oval:org.mitre.oval:def:11223",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36601",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36601"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pidgin.im/news/security/index.php?id=37"
            },
            {
              "name": "36277",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36277"
            },
            {
              "name": "oval:org.mitre.oval:def:6434",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434"
            },
            {
              "name": "oval:org.mitre.oval:def:11223",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3085",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36601",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36601"
                },
                {
                  "name": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8"
                },
                {
                  "name": "http://www.pidgin.im/news/security/index.php?id=37",
                  "refsource": "CONFIRM",
                  "url": "http://www.pidgin.im/news/security/index.php?id=37"
                },
                {
                  "name": "36277",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36277"
                },
                {
                  "name": "oval:org.mitre.oval:def:6434",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434"
                },
                {
                  "name": "oval:org.mitre.oval:def:11223",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3085",
        "datePublished": "2009-09-08T18:00:00.000Z",
        "dateReserved": "2009-09-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:14:56.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3084 (GCVE-0-2009-3084)

    Vulnerability from cvelistv5 – Published: 2009-09-08 18:00 – Updated: 2024-08-07 06:14
    VLAI
    Summary
    The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-09-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:14:55.740Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36601",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36601"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c"
              },
              {
                "name": "oval:org.mitre.oval:def:6338",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pidgin.im/news/security/index.php?id=38"
              },
              {
                "name": "36277",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36277"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect \"UTF16-LE\" charset name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36601",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36601"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c"
            },
            {
              "name": "oval:org.mitre.oval:def:6338",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pidgin.im/news/security/index.php?id=38"
            },
            {
              "name": "36277",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36277"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3084",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect \"UTF16-LE\" charset name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36601",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36601"
                },
                {
                  "name": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c"
                },
                {
                  "name": "oval:org.mitre.oval:def:6338",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338"
                },
                {
                  "name": "http://www.pidgin.im/news/security/index.php?id=38",
                  "refsource": "CONFIRM",
                  "url": "http://www.pidgin.im/news/security/index.php?id=38"
                },
                {
                  "name": "36277",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36277"
                },
                {
                  "name": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95",
                  "refsource": "CONFIRM",
                  "url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3084",
        "datePublished": "2009-09-08T18:00:00.000Z",
        "dateReserved": "2009-09-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:14:55.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }