Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12234
HistorySep 08, 2009 - 12:00 a.m.

Pidgin Libpurple库多个拒绝服务漏洞

2009-09-0800:00:00
Root
www.seebug.org
14

0.005 Low

EPSS

Percentile

74.9%

JSON

BUGTRAQ ID: 36277
CVE(CAN) ID: CVE-2009-2703

Pidgin是支持多种协议的即时通讯客户端。

远程攻击者可以通过向Pidgin的libpurple库提交各种恶意会话消息导致拒绝服务。

  1. XMPP协议实现中的错误可能在将恶意的表情符号处理为出错响应时导致崩溃。

  2. MSN协议实现中转换硬写入消息的编码时存在错误,如果错误的使用了未初始化的变量就可能导致崩溃。

  3. MSN协议插件从入站的SLP invite消息中获得某些字段,如果其中缺少某些字段协议插件就会试图引用空指针,导致崩溃。

  4. IRC协议处理中存在空指针引用,从恶意的IRC服务器接收到特制的IRC TOPIC消息就会导致拒绝服务。

Pidgin 2.x
厂商补丁:

Pidgin

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8
http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95
http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd
http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3

Related

debiancve 1
cve 1
veracode 1
prion 1
ubuntucve 1
nessus 11
openvas 33
redhat 2
oraclelinux 2
centos 2
fedora 5
ubuntu 1
securityvulns 1
debiancve
debiancve
CVE-2009-2703
2009-09-08 18:30:00
cve
cve
CVE-2009-2703
2009-09-08 18:30:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:36:04
prion
prion
Null pointer dereference
2009-09-08 18:30:00
ubuntucve
ubuntucve
CVE-2009-2703
2009-09-08 00:00:00
nessus
nessus
RHEL 3 : pidgin (RHSA-2009:1535)
2009-10-30 00:00:00
Scientific Linux Security Update : pidgin on SL3.x, SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 3 : pidgin (ELSA-2009-1535)
2013-07-12 00:00:00
openvas
openvas
CentOS Security Advisory CESA-2009:1535 (pidgin)
2009-11-11 00:00:00
RedHat Security Advisory RHSA-2009:1535
2009-11-11 00:00:00
RedHat Security Advisory RHSA-2009:1535
2009-11-11 00:00:00
redhat
redhat
(RHSA-2009:1535) Moderate: pidgin security update
2009-10-29 00:00:00
(RHSA-2009:1453) Moderate: pidgin security update
2009-09-21 00:00:00
oraclelinux
oraclelinux
pidgin security update
2009-10-29 00:00:00
pidgin security update
2009-09-21 00:00:00
centos
centos
pidgin security update
2009-10-29 19:14:53
finch, libpurple, pidgin security update
2009-09-22 13:47:28
fedora
fedora
[SECURITY] Fedora 11 Update: pidgin-2.6.3-2.fc11
2009-10-21 00:50:54
[SECURITY] Fedora 10 Update: pidgin-2.6.3-2.fc10
2009-10-21 00:56:06
[SECURITY] Fedora 11 Update: pidgin-2.6.5-1.fc11
2010-01-12 20:51:38
ubuntu
ubuntu
Pidgin vulnerabilities
2010-01-18 00:00:00
securityvulns
securityvulns
[ MDVSA-2009:230 ] pidgin
2009-09-14 00:00:00

0.005 Low

EPSS

Percentile

74.9%

JSON
Related for SSV:12234
debiancve1cve1veracode1prion1ubuntucve1nessus11openvas33redhat2oraclelinux2centos2fedora5ubuntu1securityvulns1