Lucene search

[email protected]NVD:CVE-2013-6487

HistoryFeb 06, 2014 - 5:00 p.m.

CVE-2013-6487

2014-02-0617:00:05

CWE-189

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.7%

JSON

Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.

Affected configurations

NVD

Node

pidginpidginRange≤2.10.7

pidginpidginMatch2.0.0

pidginpidginMatch2.0.1

pidginpidginMatch2.0.2

pidginpidginMatch2.0.2linux

pidginpidginMatch2.1.0

pidginpidginMatch2.1.1

pidginpidginMatch2.10.0

pidginpidginMatch2.10.1

pidginpidginMatch2.10.2

pidginpidginMatch2.10.3

pidginpidginMatch2.10.4

pidginpidginMatch2.10.5

pidginpidginMatch2.10.6

References

advisories.mageia.org/MGASA-2014-0074.html

hg.pidgin.im/pidgin/main/rev/ec15aa187aa0

libgadu.net/releases/1.11.3.html

lists.fedoraproject.org/pipermail/package-announce/2014-February/128277.html

lists.opensuse.org/opensuse-updates/2014-02/msg00039.html

lists.opensuse.org/opensuse-updates/2014-03/msg00005.html

vrt-blog.snort.org/2014/01/vrt-2013-1001-cve-2013-6487-buffer.html

www.debian.org/security/2014/dsa-2852

www.debian.org/security/2014/dsa-2859

www.mandriva.com/security/advisories?name=MDVSA-2014:039

www.pidgin.im/news/security/?id=82

www.securityfocus.com/bid/65188

www.ubuntu.com/usn/USN-2100-1

www.ubuntu.com/usn/USN-2101-1

rhn.redhat.com/errata/RHSA-2014-0139.html

security.gentoo.org/glsa/201508-02

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.7%

JSON

Related for NVD:CVE-2013-6487

nessus22 openvas29 ubuntucve1 cve1 talos1 securityvulns2 prion1 debiancve1 cvelist1 ubuntu2 mageia2 debian3 fedora6 gentoo2 osv2 veracode12 kaspersky1 centos1 oraclelinux1 redhat1 slackware1