Lucene search
RootSSV:11415HistoryMay 25, 2009 - 12:00 a.m.
Pidgin多个缓冲区溢出漏洞
2009-05-2500:00:00
Root
www.seebug.org
9
0.176 Low
EPSS
Percentile
95.6%
BUGTRAQ ID: 35067
CVE(CAN) ID: CVE-2009-1376,CVE-2009-1375,CVE-2009-1374,CVE-2009-1373
Pidgin是支持多种协议的即时通讯客户端。
Pidgin在处理各种即时消息时存在多个缓冲区溢出漏洞,可能导致拒绝服务或完全入侵用户的系统。
-
处理MSN SLP消息时的截尾错误可能导致缓冲区溢出。
-
XMPP SOCKS5 bytestream服务器在初始化出站文件传输时存在缓冲区溢出。
-
PurpleCircBuffer结构的实现中存在边界条件错误,特制的XMPP或Sametime报文可能导致内存破坏而崩溃。
-
特制的QQ报文可能导致decrypt_out()函数出现8个字节的栈溢出。
Pidgin < 2.5.6
厂商补丁:
RedHat
RedHat已经为此发布了一个安全公告(RHSA-2009:1060-02)以及相应补丁:
RHSA-2009:1060-02:Important: pidgin security update
链接:<a href=“https://www.redhat.com/support/errata/RHSA-2009-1060.html” target=“_blank”>https://www.redhat.com/support/errata/RHSA-2009-1060.html</a>
Related
nessus
nessus
Pidgin < 2.5.6 Multiple Buffer Overflow Vulnerabilities
2004-08-18 00:00:00
Ubuntu 8.04 LTS / 8.10 / 9.04 : pidgin vulnerabilities (USN-781-1)
2009-06-04 00:00:00
Pidgin < 2.5.6 Multiple Buffer Overflows
2009-05-22 00:00:00
openvas
openvas
Ubuntu USN-781-1 (pidgin)
2009-06-05 00:00:00
Slackware: Security Advisory (SSA:2009-146-01)
2012-09-10 00:00:00
Pidgin Multiple Buffer Overflow Vulnerabilities (Windows)
2009-06-01 00:00:00
redhat
redhat
(RHSA-2009:1060) Important: pidgin security update
2009-05-22 00:00:00
(RHSA-2009:1059) Important: pidgin security update
2009-05-22 00:00:00
oraclelinux
oraclelinux
pidgin security update
2009-05-26 00:00:00
pidgin security update
2009-05-22 00:00:00
slackware
slackware
pidgin
2009-05-26 19:19:48
freebsd
freebsd
pidgin -- multiple vulnerabilities
2009-06-03 00:00:00
securityvulns
securityvulns
Pidgin memory corruption
2009-05-26 00:00:00
[ GLSA 200905-07 ] Pidgin: Multiple vulnerabilities
2009-05-26 00:00:00
[SECURITY] [DSA 1805-1] New pidgin packages fix several vulnerabilities
2009-05-25 00:00:00
centos
centos
finch, libpurple, pidgin security update
2009-05-22 21:24:35
pidgin security update
2009-05-22 14:04:17
ubuntu
ubuntu
Pidgin vulnerabilities
2009-06-03 00:00:00
Gaim vulnerabilities
2009-06-03 00:00:00
Pidgin vulnerabilities
2010-01-18 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: pidgin-2.5.6-1.fc10
2009-06-02 14:33:34
[SECURITY] Fedora 11 Update: pidgin-2.5.6-1.fc11
2009-06-02 14:28:31
[SECURITY] Fedora 9 Update: pidgin-2.5.6-1.fc9
2009-06-02 14:26:30
gentoo
gentoo
Pidgin: Multiple vulnerabilities
2009-05-25 00:00:00
Pidgin: Multiple vulnerabilities
2009-10-22 00:00:00
debian
debian
[Backports-security-announce] Security Update for pidgin
2009-07-29 21:34:44
[Backports-security-announce] Security Update for pidgin
2009-07-29 21:34:46
[SECURITY] [DSA 1805-1] New pidgin packages fix several vulnerabilities
2009-05-22 20:04:08
osv
osv
pidgin - several vulnerabilities
2009-05-22 00:00:00
pidgin - insufficient input sanitization
2009-08-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:33:21
Arbitrary Code Execution
2020-04-10 00:33:22
Arbitrary Code Execution
2020-04-10 00:33:21
cve
cve
debiancve
debiancve
prion
prion
Buffer overflow
2009-05-26 15:30:00
Buffer overflow
2009-05-26 15:30:00
Memory corruption
2009-05-26 15:30:00
ubuntucve
ubuntucve
zdi
zdi
coresecurity
coresecurity
Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability
2009-08-18 00:00:00