7.7 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.203 Low
EPSS
Percentile
96.3%
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | pidgin | <Β 2.5.6-1 | pidgin_2.5.6-1_all.deb |
Debian | 11 | all | pidgin | <Β 2.5.6-1 | pidgin_2.5.6-1_all.deb |
Debian | 10 | all | pidgin | <Β 2.5.6-1 | pidgin_2.5.6-1_all.deb |
Debian | 999 | all | pidgin | <Β 2.5.6-1 | pidgin_2.5.6-1_all.deb |
Debian | 13 | all | pidgin | <Β 2.5.6-1 | pidgin_2.5.6-1_all.deb |