Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for libpurple by pidgin
CVE-2011-3594 (GCVE-0-2011-3594)
Vulnerability from nvd – Published: 2011-11-04 21:00 – Updated: 2024-08-06 23:37
VLAI
Summary
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://developer.pidgin.im/viewmtn/revision/diff/… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=743481 | x_refsource_MISC |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://secunia.com/advisories/46376 | third-party-advisoryx_refsource_SECUNIA |
| http://developer.pidgin.im/ticket/14636 | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2011-13… | vendor-advisoryx_refsource_REDHAT |
| http://pidgin.im/news/security/?id=56 | x_refsource_CONFIRM |
Date Public
2011-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18034",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481"
},
{
"name": "MDVSA-2011:183",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183"
},
{
"name": "46376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46376"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/ticket/14636"
},
{
"name": "RHSA-2011:1371",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pidgin.im/news/security/?id=56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18034",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481"
},
{
"name": "MDVSA-2011:183",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183"
},
{
"name": "46376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46376"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/ticket/14636"
},
{
"name": "RHSA-2011:1371",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pidgin.im/news/security/?id=56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:18034",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8",
"refsource": "MISC",
"url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=743481",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481"
},
{
"name": "MDVSA-2011:183",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183"
},
{
"name": "46376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46376"
},
{
"name": "http://developer.pidgin.im/ticket/14636",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/ticket/14636"
},
{
"name": "RHSA-2011:1371",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html"
},
{
"name": "http://pidgin.im/news/security/?id=56",
"refsource": "CONFIRM",
"url": "http://pidgin.im/news/security/?id=56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3594",
"datePublished": "2011-11-04T21:00:00.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2943 (GCVE-0-2011-2943)
Vulnerability from nvd – Published: 2011-08-29 17:00 – Updated: 2024-08-06 23:15
VLAI
Summary
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://pidgin.im/news/security/?id=53 | x_refsource_CONFIRM |
| http://developer.pidgin.im/viewmtn/revision/info/… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2011/08/22/2 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/45663 | third-party-advisoryx_refsource_SECUNIA |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/45916 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=722939 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/49268 | vdb-entryx_refsource_BID |
| http://developer.pidgin.im/viewmtn/revision/diff/… | x_refsource_CONFIRM |
| http://securitytracker.com/id?1025961 | vdb-entryx_refsource_SECTRACK |
| http://www.openwall.com/lists/oss-security/2011/08/20/2 | mailing-listx_refsource_MLIST |
Date Public
2011-08-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:32.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pidgin.im/news/security/?id=53"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43"
},
{
"name": "[oss-security] 20110822 Re: CVE request: Pidgin crash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/22/2"
},
{
"name": "45663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45663"
},
{
"name": "oval:org.mitre.oval:def:18005",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005"
},
{
"name": "pidgin-irc-protocol-dos(69340)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69340"
},
{
"name": "45916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45916"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722939"
},
{
"name": "49268",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49268"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c"
},
{
"name": "1025961",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025961"
},
{
"name": "[oss-security] 20110820 CVE request: Pidgin crash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/20/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pidgin.im/news/security/?id=53"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43"
},
{
"name": "[oss-security] 20110822 Re: CVE request: Pidgin crash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/22/2"
},
{
"name": "45663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45663"
},
{
"name": "oval:org.mitre.oval:def:18005",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005"
},
{
"name": "pidgin-irc-protocol-dos(69340)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69340"
},
{
"name": "45916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45916"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722939"
},
{
"name": "49268",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49268"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c"
},
{
"name": "1025961",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025961"
},
{
"name": "[oss-security] 20110820 CVE request: Pidgin crash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/20/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2943",
"datePublished": "2011-08-29T17:00:00.000Z",
"dateReserved": "2011-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:15:32.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4528 (GCVE-0-2010-4528)
Vulnerability from nvd – Published: 2011-01-07 11:00 – Updated: 2024-08-07 03:51
VLAI
Summary
directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2010-12-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=665421"
},
{
"name": "SUSE-SR:2011:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "[oss-security] 20101227 CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/12/27/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c"
},
{
"name": "[oss-security] 20101231 Re: CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/12/31/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pidgin.im/news/security/?id=49"
},
{
"name": "MDVSA-2010:259",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:259"
},
{
"name": "oval:org.mitre.oval:def:18461",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031"
},
{
"name": "45581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45581"
},
{
"name": "42877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42877"
},
{
"name": "ADV-2011-0028",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0028"
},
{
"name": "[support] 20101227 Pidgin 2.7.9 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://pidgin.im/pipermail/support/2010-December/009251.html"
},
{
"name": "42732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42732"
},
{
"name": "ADV-2011-0076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name": "ADV-2011-0054",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0054"
},
{
"name": "FEDORA-2010-19314",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052862.html"
},
{
"name": "FEDORA-2010-19317",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052905.html"
},
{
"name": "42824",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42824"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=665421"
},
{
"name": "SUSE-SR:2011:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "[oss-security] 20101227 CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/12/27/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c"
},
{
"name": "[oss-security] 20101231 Re: CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/12/31/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pidgin.im/news/security/?id=49"
},
{
"name": "MDVSA-2010:259",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:259"
},
{
"name": "oval:org.mitre.oval:def:18461",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031"
},
{
"name": "45581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45581"
},
{
"name": "42877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42877"
},
{
"name": "ADV-2011-0028",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0028"
},
{
"name": "[support] 20101227 Pidgin 2.7.9 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://pidgin.im/pipermail/support/2010-December/009251.html"
},
{
"name": "42732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42732"
},
{
"name": "ADV-2011-0076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name": "ADV-2011-0054",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0054"
},
{
"name": "FEDORA-2010-19314",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052862.html"
},
{
"name": "FEDORA-2010-19317",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052905.html"
},
{
"name": "42824",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42824"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4528",
"datePublished": "2011-01-07T11:00:00.000Z",
"dateReserved": "2010-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:17.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3085 (GCVE-0-2009-3085)
Vulnerability from nvd – Published: 2009-09-08 18:00 – Updated: 2024-08-07 06:14
VLAI
Summary
The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/36601 | third-party-advisoryx_refsource_SECUNIA |
| http://developer.pidgin.im/viewmtn/revision/info/… | x_refsource_CONFIRM |
| http://www.pidgin.im/news/security/index.php?id=37 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/36277 | vdb-entryx_refsource_BID |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
Date Public
2009-09-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pidgin.im/news/security/index.php?id=37"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36277"
},
{
"name": "oval:org.mitre.oval:def:6434",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434"
},
{
"name": "oval:org.mitre.oval:def:11223",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pidgin.im/news/security/index.php?id=37"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36277"
},
{
"name": "oval:org.mitre.oval:def:6434",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434"
},
{
"name": "oval:org.mitre.oval:def:11223",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36601"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8"
},
{
"name": "http://www.pidgin.im/news/security/index.php?id=37",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/index.php?id=37"
},
{
"name": "36277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36277"
},
{
"name": "oval:org.mitre.oval:def:6434",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434"
},
{
"name": "oval:org.mitre.oval:def:11223",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3085",
"datePublished": "2009-09-08T18:00:00.000Z",
"dateReserved": "2009-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:14:56.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3084 (GCVE-0-2009-3084)
Vulnerability from nvd – Published: 2009-09-08 18:00 – Updated: 2024-08-07 06:14
VLAI
Summary
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/36601 | third-party-advisoryx_refsource_SECUNIA |
| http://developer.pidgin.im/viewmtn/revision/diff/… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.pidgin.im/news/security/index.php?id=38 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/36277 | vdb-entryx_refsource_BID |
| http://developer.pidgin.im/viewmtn/revision/info/… | x_refsource_CONFIRM |
Date Public
2009-09-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c"
},
{
"name": "oval:org.mitre.oval:def:6338",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pidgin.im/news/security/index.php?id=38"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36277"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect \"UTF16-LE\" charset name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c"
},
{
"name": "oval:org.mitre.oval:def:6338",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pidgin.im/news/security/index.php?id=38"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36277"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect \"UTF16-LE\" charset name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36601"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c"
},
{
"name": "oval:org.mitre.oval:def:6338",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338"
},
{
"name": "http://www.pidgin.im/news/security/index.php?id=38",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/index.php?id=38"
},
{
"name": "36277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36277"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3084",
"datePublished": "2009-09-08T18:00:00.000Z",
"dateReserved": "2009-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:14:55.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3083 (GCVE-0-2009-3083)
Vulnerability from nvd – Published: 2009-09-08 18:00 – Updated: 2024-08-07 06:14
VLAI
Summary
The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://developer.pidgin.im/ticket/10159 | x_refsource_CONFIRM |
| http://secunia.com/advisories/36601 | third-party-advisoryx_refsource_SECUNIA |
| http://www.pidgin.im/news/security/index.php?id=39 | x_refsource_CONFIRM |
| http://developer.pidgin.im/viewmtn/revision/diff/… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.securityfocus.com/bid/36277 | vdb-entryx_refsource_BID |
| http://developer.pidgin.im/viewmtn/revision/info/… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
Date Public
2009-09-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/ticket/10159"
},
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pidgin.im/news/security/index.php?id=39"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c"
},
{
"name": "oval:org.mitre.oval:def:11852",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36277"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd"
},
{
"name": "oval:org.mitre.oval:def:6322",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/ticket/10159"
},
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pidgin.im/news/security/index.php?id=39"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c"
},
{
"name": "oval:org.mitre.oval:def:11852",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36277"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd"
},
{
"name": "oval:org.mitre.oval:def:6322",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://developer.pidgin.im/ticket/10159",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/ticket/10159"
},
{
"name": "36601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36601"
},
{
"name": "http://www.pidgin.im/news/security/index.php?id=39",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/index.php?id=39"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c"
},
{
"name": "oval:org.mitre.oval:def:11852",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852"
},
{
"name": "36277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36277"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd"
},
{
"name": "oval:org.mitre.oval:def:6322",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3083",
"datePublished": "2009-09-08T18:00:00.000Z",
"dateReserved": "2009-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:14:55.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2703 (GCVE-0-2009-2703)
Vulnerability from nvd – Published: 2009-09-08 18:00 – Updated: 2024-08-07 05:59
VLAI
Summary
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/36601 | third-party-advisoryx_refsource_SECUNIA |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://developer.pidgin.im/viewmtn/revision/info/… | x_refsource_CONFIRM |
| http://www.pidgin.im/news/security/index.php?id=40 | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.securityfocus.com/bid/36277 | vdb-entryx_refsource_BID |
Date Public
2009-09-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36601"
},
{
"name": "oval:org.mitre.oval:def:6435",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pidgin.im/news/security/index.php?id=40"
},
{
"name": "oval:org.mitre.oval:def:11379",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36601"
},
{
"name": "oval:org.mitre.oval:def:6435",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pidgin.im/news/security/index.php?id=40"
},
{
"name": "oval:org.mitre.oval:def:11379",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36277"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36601"
},
{
"name": "oval:org.mitre.oval:def:6435",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3"
},
{
"name": "http://www.pidgin.im/news/security/index.php?id=40",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/index.php?id=40"
},
{
"name": "oval:org.mitre.oval:def:11379",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379"
},
{
"name": "36277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36277"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2703",
"datePublished": "2009-09-08T18:00:00.000Z",
"dateReserved": "2009-08-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:59:56.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3594 (GCVE-0-2011-3594)
Vulnerability from cvelistv5 – Published: 2011-11-04 21:00 – Updated: 2024-08-06 23:37
VLAI
Summary
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://developer.pidgin.im/viewmtn/revision/diff/… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=743481 | x_refsource_MISC |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://secunia.com/advisories/46376 | third-party-advisoryx_refsource_SECUNIA |
| http://developer.pidgin.im/ticket/14636 | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2011-13… | vendor-advisoryx_refsource_REDHAT |
| http://pidgin.im/news/security/?id=56 | x_refsource_CONFIRM |
Date Public
2011-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18034",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481"
},
{
"name": "MDVSA-2011:183",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183"
},
{
"name": "46376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46376"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/ticket/14636"
},
{
"name": "RHSA-2011:1371",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pidgin.im/news/security/?id=56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:18034",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481"
},
{
"name": "MDVSA-2011:183",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183"
},
{
"name": "46376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46376"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/ticket/14636"
},
{
"name": "RHSA-2011:1371",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pidgin.im/news/security/?id=56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:18034",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18034"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8",
"refsource": "MISC",
"url": "http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=743481",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743481"
},
{
"name": "MDVSA-2011:183",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183"
},
{
"name": "46376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46376"
},
{
"name": "http://developer.pidgin.im/ticket/14636",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/ticket/14636"
},
{
"name": "RHSA-2011:1371",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html"
},
{
"name": "http://pidgin.im/news/security/?id=56",
"refsource": "CONFIRM",
"url": "http://pidgin.im/news/security/?id=56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3594",
"datePublished": "2011-11-04T21:00:00.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2943 (GCVE-0-2011-2943)
Vulnerability from cvelistv5 – Published: 2011-08-29 17:00 – Updated: 2024-08-06 23:15
VLAI
Summary
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://pidgin.im/news/security/?id=53 | x_refsource_CONFIRM |
| http://developer.pidgin.im/viewmtn/revision/info/… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2011/08/22/2 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/45663 | third-party-advisoryx_refsource_SECUNIA |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/45916 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=722939 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/49268 | vdb-entryx_refsource_BID |
| http://developer.pidgin.im/viewmtn/revision/diff/… | x_refsource_CONFIRM |
| http://securitytracker.com/id?1025961 | vdb-entryx_refsource_SECTRACK |
| http://www.openwall.com/lists/oss-security/2011/08/20/2 | mailing-listx_refsource_MLIST |
Date Public
2011-08-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:32.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pidgin.im/news/security/?id=53"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43"
},
{
"name": "[oss-security] 20110822 Re: CVE request: Pidgin crash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/22/2"
},
{
"name": "45663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45663"
},
{
"name": "oval:org.mitre.oval:def:18005",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005"
},
{
"name": "pidgin-irc-protocol-dos(69340)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69340"
},
{
"name": "45916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45916"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722939"
},
{
"name": "49268",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49268"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c"
},
{
"name": "1025961",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025961"
},
{
"name": "[oss-security] 20110820 CVE request: Pidgin crash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/20/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pidgin.im/news/security/?id=53"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43"
},
{
"name": "[oss-security] 20110822 Re: CVE request: Pidgin crash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/22/2"
},
{
"name": "45663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45663"
},
{
"name": "oval:org.mitre.oval:def:18005",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005"
},
{
"name": "pidgin-irc-protocol-dos(69340)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69340"
},
{
"name": "45916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45916"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722939"
},
{
"name": "49268",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49268"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c"
},
{
"name": "1025961",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025961"
},
{
"name": "[oss-security] 20110820 CVE request: Pidgin crash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/20/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2943",
"datePublished": "2011-08-29T17:00:00.000Z",
"dateReserved": "2011-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:15:32.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4528 (GCVE-0-2010-4528)
Vulnerability from cvelistv5 – Published: 2011-01-07 11:00 – Updated: 2024-08-07 03:51
VLAI
Summary
directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2010-12-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=665421"
},
{
"name": "SUSE-SR:2011:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "[oss-security] 20101227 CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/12/27/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c"
},
{
"name": "[oss-security] 20101231 Re: CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/12/31/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pidgin.im/news/security/?id=49"
},
{
"name": "MDVSA-2010:259",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:259"
},
{
"name": "oval:org.mitre.oval:def:18461",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031"
},
{
"name": "45581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45581"
},
{
"name": "42877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42877"
},
{
"name": "ADV-2011-0028",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0028"
},
{
"name": "[support] 20101227 Pidgin 2.7.9 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://pidgin.im/pipermail/support/2010-December/009251.html"
},
{
"name": "42732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42732"
},
{
"name": "ADV-2011-0076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name": "ADV-2011-0054",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0054"
},
{
"name": "FEDORA-2010-19314",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052862.html"
},
{
"name": "FEDORA-2010-19317",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052905.html"
},
{
"name": "42824",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42824"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=665421"
},
{
"name": "SUSE-SR:2011:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "[oss-security] 20101227 CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/12/27/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c"
},
{
"name": "[oss-security] 20101231 Re: CVE Request -- Pidgin v2.7.6 \u003c= x \u003c= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/12/31/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pidgin.im/news/security/?id=49"
},
{
"name": "MDVSA-2010:259",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:259"
},
{
"name": "oval:org.mitre.oval:def:18461",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031"
},
{
"name": "45581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45581"
},
{
"name": "42877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42877"
},
{
"name": "ADV-2011-0028",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0028"
},
{
"name": "[support] 20101227 Pidgin 2.7.9 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://pidgin.im/pipermail/support/2010-December/009251.html"
},
{
"name": "42732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42732"
},
{
"name": "ADV-2011-0076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name": "ADV-2011-0054",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0054"
},
{
"name": "FEDORA-2010-19314",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052862.html"
},
{
"name": "FEDORA-2010-19317",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052905.html"
},
{
"name": "42824",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42824"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4528",
"datePublished": "2011-01-07T11:00:00.000Z",
"dateReserved": "2010-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:17.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3083 (GCVE-0-2009-3083)
Vulnerability from cvelistv5 – Published: 2009-09-08 18:00 – Updated: 2024-08-07 06:14
VLAI
Summary
The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://developer.pidgin.im/ticket/10159 | x_refsource_CONFIRM |
| http://secunia.com/advisories/36601 | third-party-advisoryx_refsource_SECUNIA |
| http://www.pidgin.im/news/security/index.php?id=39 | x_refsource_CONFIRM |
| http://developer.pidgin.im/viewmtn/revision/diff/… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.securityfocus.com/bid/36277 | vdb-entryx_refsource_BID |
| http://developer.pidgin.im/viewmtn/revision/info/… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
Date Public
2009-09-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/ticket/10159"
},
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pidgin.im/news/security/index.php?id=39"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c"
},
{
"name": "oval:org.mitre.oval:def:11852",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36277"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd"
},
{
"name": "oval:org.mitre.oval:def:6322",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/ticket/10159"
},
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pidgin.im/news/security/index.php?id=39"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c"
},
{
"name": "oval:org.mitre.oval:def:11852",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36277"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd"
},
{
"name": "oval:org.mitre.oval:def:6322",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://developer.pidgin.im/ticket/10159",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/ticket/10159"
},
{
"name": "36601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36601"
},
{
"name": "http://www.pidgin.im/news/security/index.php?id=39",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/index.php?id=39"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c"
},
{
"name": "oval:org.mitre.oval:def:11852",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852"
},
{
"name": "36277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36277"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd"
},
{
"name": "oval:org.mitre.oval:def:6322",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3083",
"datePublished": "2009-09-08T18:00:00.000Z",
"dateReserved": "2009-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:14:55.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2703 (GCVE-0-2009-2703)
Vulnerability from cvelistv5 – Published: 2009-09-08 18:00 – Updated: 2024-08-07 05:59
VLAI
Summary
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/36601 | third-party-advisoryx_refsource_SECUNIA |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://developer.pidgin.im/viewmtn/revision/info/… | x_refsource_CONFIRM |
| http://www.pidgin.im/news/security/index.php?id=40 | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.securityfocus.com/bid/36277 | vdb-entryx_refsource_BID |
Date Public
2009-09-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36601"
},
{
"name": "oval:org.mitre.oval:def:6435",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pidgin.im/news/security/index.php?id=40"
},
{
"name": "oval:org.mitre.oval:def:11379",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36601"
},
{
"name": "oval:org.mitre.oval:def:6435",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pidgin.im/news/security/index.php?id=40"
},
{
"name": "oval:org.mitre.oval:def:11379",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36277"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36601"
},
{
"name": "oval:org.mitre.oval:def:6435",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3"
},
{
"name": "http://www.pidgin.im/news/security/index.php?id=40",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/index.php?id=40"
},
{
"name": "oval:org.mitre.oval:def:11379",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379"
},
{
"name": "36277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36277"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2703",
"datePublished": "2009-09-08T18:00:00.000Z",
"dateReserved": "2009-08-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:59:56.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3085 (GCVE-0-2009-3085)
Vulnerability from cvelistv5 – Published: 2009-09-08 18:00 – Updated: 2024-08-07 06:14
VLAI
Summary
The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/36601 | third-party-advisoryx_refsource_SECUNIA |
| http://developer.pidgin.im/viewmtn/revision/info/… | x_refsource_CONFIRM |
| http://www.pidgin.im/news/security/index.php?id=37 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/36277 | vdb-entryx_refsource_BID |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
Date Public
2009-09-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pidgin.im/news/security/index.php?id=37"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36277"
},
{
"name": "oval:org.mitre.oval:def:6434",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434"
},
{
"name": "oval:org.mitre.oval:def:11223",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pidgin.im/news/security/index.php?id=37"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36277"
},
{
"name": "oval:org.mitre.oval:def:6434",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434"
},
{
"name": "oval:org.mitre.oval:def:11223",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36601"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8"
},
{
"name": "http://www.pidgin.im/news/security/index.php?id=37",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/index.php?id=37"
},
{
"name": "36277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36277"
},
{
"name": "oval:org.mitre.oval:def:6434",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434"
},
{
"name": "oval:org.mitre.oval:def:11223",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3085",
"datePublished": "2009-09-08T18:00:00.000Z",
"dateReserved": "2009-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:14:56.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3084 (GCVE-0-2009-3084)
Vulnerability from cvelistv5 – Published: 2009-09-08 18:00 – Updated: 2024-08-07 06:14
VLAI
Summary
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/36601 | third-party-advisoryx_refsource_SECUNIA |
| http://developer.pidgin.im/viewmtn/revision/diff/… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.pidgin.im/news/security/index.php?id=38 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/36277 | vdb-entryx_refsource_BID |
| http://developer.pidgin.im/viewmtn/revision/info/… | x_refsource_CONFIRM |
Date Public
2009-09-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c"
},
{
"name": "oval:org.mitre.oval:def:6338",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pidgin.im/news/security/index.php?id=38"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36277"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect \"UTF16-LE\" charset name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c"
},
{
"name": "oval:org.mitre.oval:def:6338",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pidgin.im/news/security/index.php?id=38"
},
{
"name": "36277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36277"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect \"UTF16-LE\" charset name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36601"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c"
},
{
"name": "oval:org.mitre.oval:def:6338",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338"
},
{
"name": "http://www.pidgin.im/news/security/index.php?id=38",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/index.php?id=38"
},
{
"name": "36277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36277"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3084",
"datePublished": "2009-09-08T18:00:00.000Z",
"dateReserved": "2009-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:14:55.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}