CVE-2010-1624

2010-05-1419:30:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2010-1624

msn protocol

libpurple

pidgin

remote authentication

denial of service

5.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.096 Low

EPSS

Percentile

94.7%

JSON

The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.

CPENameOperatorVersion
pidgin:pidginpidginlt2.7.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.04

CPE	Name	Operator	Version
pidgin:pidgin	pidgin	lt	2.7.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.04

References

developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c

developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b

secunia.com/advisories/39801

secunia.com/advisories/41899

www.mandriva.com/security/advisories?name=MDVSA-2010:097

www.pidgin.im/news/security/index.php?id=46

www.redhat.com/support/errata/RHSA-2010-0788.html

www.securityfocus.com/bid/40138

www.ubuntu.com/usn/USN-1014-1

www.vupen.com/english/advisories/2010/1141

www.vupen.com/english/advisories/2010/2755

bugzilla.redhat.com/show_bug.cgi?id=589973

exchange.xforce.ibmcloud.com/vulnerabilities/58559