CVE-2009-3615

2009-10-2017:30:00

CWE-399

[email protected]

web.nvd.nist.gov

nvd

oscar protocol

libpurple

pidgin

adium

denial of service

application crash

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.115 Low

EPSS

Percentile

95.2%

JSON

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.

CPENameOperatorVersion
pidgin:pidginpidgineq2.5.9
adium:adiumadiumeq1.0.2
pidgin:pidginpidgineq2.5.8
adium:adiumadiumeq1.3.4
adium:adiumadiumeq1.1
adium:adiumadiumeq1.0.1
adium:adiumadiumeq1.0.5
pidgin:pidginpidgineq2.1.0
pidgin:pidginpidgineq2.6.0
adium:adiumadiumeq1.2.7

CPE	Name	Operator	Version
pidgin:pidgin	pidgin	eq	2.5.9
adium:adium	adium	eq	1.0.2
pidgin:pidgin	pidgin	eq	2.5.8
adium:adium	adium	eq	1.3.4
adium:adium	adium	eq	1.1
adium:adium	adium	eq	1.0.1
adium:adium	adium	eq	1.0.5
pidgin:pidgin	pidgin	eq	2.1.0
pidgin:pidgin	pidgin	eq	2.6.0
adium:adium	adium	eq	1.2.7