Null pointer dereference

2010-05-1419:30:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.096 Low

EPSS

Percentile

94.6%

JSON

The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.

CPENameOperatorVersion
ubuntu_linuxeq10.10
ubuntu_linuxeq9.10
ubuntu_linuxeq8.04
ubuntu_linuxeq10.04
pidginlt2.7.0

Name	Operator	Version
ubuntu_linux	eq	10.10
ubuntu_linux	eq	9.10
ubuntu_linux	eq	8.04
ubuntu_linux	eq	10.04
pidgin	lt	2.7.0

References

developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c

developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b

secunia.com/advisories/39801

secunia.com/advisories/41899

www.mandriva.com/security/advisories?name=MDVSA-2010:097

www.pidgin.im/news/security/index.php?id=46

www.redhat.com/support/errata/RHSA-2010-0788.html

www.securityfocus.com/bid/40138

www.ubuntu.com/usn/USN-1014-1

www.vupen.com/english/advisories/2010/1141

www.vupen.com/english/advisories/2010/2755

bugzilla.redhat.com/show_bug.cgi?id=589973

exchange.xforce.ibmcloud.com/vulnerabilities/58559