pidgin - denial of service

2010-04-1800:00:00

Google

osv.dev

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.229 Low

EPSS

Percentile

95.9%

JSON

Several remote vulnerabilities have been discovered in Pidgin, a multi
protocol instant messaging client. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2010-0420
Crafted nicknames in the XMPP protocol can crash Pidgin remotely.
CVE-2010-0423
Remote contacts may send too many custom smilies, crashing Pidgin.

Since a few months, Microsoft’s servers for MSN have changed the protocol,
making Pidgin non-functional for use with MSN. It is not feasible to port
these changes to the version of Pidgin in Debian Lenny. This update
formalises that situation by disabling the protocol in the client. Users
of the MSN protocol are advised to use the version of Pidgin in the
repositories of www.backports.org.

For the stable distribution (lenny), these problems have been fixed in
version 2.4.3-4lenny6.

For the unstable distribution (sid), these problems have been fixed in
version 2.6.6-1.

We recommend that you upgrade your pidgin package.

CPENameOperatorVersion
pidgineq2.4.3-4
pidgineq2.4.3-4lenny1
pidgineq2.4.3-4lenny1~bpo40+1
pidgineq2.4.3-4lenny1~volatile0
pidgineq2.4.3-4lenny2
pidgineq2.4.3-4lenny2~bpo40+1
pidgineq2.4.3-4lenny3
pidgineq2.4.3-4lenny3~bpo40+1
pidgineq2.4.3-4lenny4
pidgineq2.4.3-4lenny4~bpo40+1

Name	Operator	Version
pidgin	eq	2.4.3-4
pidgin	eq	2.4.3-4lenny1
pidgin	eq	2.4.3-4lenny1~bpo40+1
pidgin	eq	2.4.3-4lenny1~volatile0
pidgin	eq	2.4.3-4lenny2
pidgin	eq	2.4.3-4lenny2~bpo40+1
pidgin	eq	2.4.3-4lenny3
pidgin	eq	2.4.3-4lenny3~bpo40+1
pidgin	eq	2.4.3-4lenny4
pidgin	eq	2.4.3-4lenny4~bpo40+1