CVSS2: 6.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |

EPSS: 0.02 Low (Percentile: 87.1%)

Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

A stack-based buffer overflow flaw was found in the Pidgin MXit protocol
plug-in. A malicious server or a remote attacker could use this flaw to
crash Pidgin by sending a specially-crafted HTTP request. (CVE-2013-0272)

A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in.
A malicious server or a remote attacker could use this flaw to crash Pidgin
by sending a specially-crafted username. (CVE-2013-0273)

A buffer overflow flaw was found in the way Pidgin processed certain UPnP
responses. A remote attacker could send a specially-crafted UPnP response
that, when processed, would crash Pidgin. (CVE-2013-0274)

Red Hat would like to thank the Pidgin project for reporting the above
issues. Upstream acknowledges Daniel Atallah as the original reporter of
CVE-2013-0272.

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | libpurple | < 2.7.9-10.el6_4.1 | libpurple-2.7.9-10.el6_4.1.x86_64.rpm |
RedHat | 5 | i386 | pidgin | < 2.6.6-17.el5_9.1 | pidgin-2.6.6-17.el5_9.1.i386.rpm |
RedHat | 6 | ppc | pidgin-debuginfo | < 2.7.9-10.el6_4.1 | pidgin-debuginfo-2.7.9-10.el6_4.1.ppc.rpm |
RedHat | 5 | x86_64 | libpurple-perl | < 2.6.6-17.el5_9.1 | libpurple-perl-2.6.6-17.el5_9.1.x86_64.rpm |
RedHat | 6 | src | pidgin | < 2.7.9-10.el6_4.1 | pidgin-2.7.9-10.el6_4.1.src.rpm |
RedHat | 5 | x86_64 | libpurple-tcl | < 2.6.6-17.el5_9.1 | libpurple-tcl-2.6.6-17.el5_9.1.x86_64.rpm |
RedHat | 6 | x86_64 | libpurple-tcl | < 2.7.9-10.el6_4.1 | libpurple-tcl-2.7.9-10.el6_4.1.x86_64.rpm |
RedHat | 6 | ppc64 | pidgin-devel | < 2.7.9-10.el6_4.1 | pidgin-devel-2.7.9-10.el6_4.1.ppc64.rpm |
RedHat | 6 | i686 | finch | < 2.7.9-10.el6_4.1 | finch-2.7.9-10.el6_4.1.i686.rpm |
RedHat | 5 | i386 | libpurple-tcl | < 2.6.6-17.el5_9.1 | libpurple-tcl-2.6.6-17.el5_9.1.i386.rpm |