Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19202
HistoryMar 02, 2010 - 12:00 a.m.

Pidgin多个拒绝服务漏洞

2010-03-0200:00:00
Root
www.seebug.org
9

0.229 Low

EPSS

Percentile

96.0%

JSON

BUGTRAQ ID: 38294
CVE ID: CVE-2010-0277,CVE-2010-0420,CVE-2010-0423

Pidgin是支持多种协议的即时通讯客户端。

Pidgin的MSN协议实现处理MSNSLP邀请的方式存在输入过滤漏洞,远程攻击者可以发送特制的INVITE请求导致拒绝服务(内存破坏和 Pidgin崩溃)。

Finch的XMPP聊天实现在使用多用户会话时存在拒绝服务漏洞。如果多用户聊天会话中的Finch用户要将昵称更改为包含有HTML br元素,就会导致Finch崩溃。

Pidgin处理表情符图形的方式存在拒绝服务漏洞。远程攻击者可以在相互通讯中向受害用户发送大量的表情符图形,导致过多的CPU使用率。

Pidgin < 2.6.6
厂商补丁:

RedHat

RedHat已经为此发布了一个安全公告(RHSA-2010:0115-01)以及相应补丁:
RHSA-2010:0115-01:Moderate: pidgin security update
链接:https://www.redhat.com/support/errata/RHSA-2010-0115.html

Pidgin

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://developer.pidgin.im/wiki/ChangeLog

Related

nessus 23
openvas 41
fedora 7
oraclelinux 1
ubuntu 1
redhat 1
altlinux 2
securityvulns 4
slackware 1
freebsd 1
centos 1
debian 5
osv 1
prion 3
veracode 3
ubuntucve 3
cve 3
debiancve 3
nessus
nessus
Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : pidgin (SSA:2010-069-01)
2010-03-11 00:00:00
Oracle Linux 4 : pidgin (ELSA-2010-0115)
2013-07-12 00:00:00
Mandriva Linux Security Advisory : pidgin (MDVSA-2010:041)
2010-02-19 00:00:00
openvas
openvas
Ubuntu Update for pidgin vulnerabilities USN-902-1
2010-03-02 00:00:00
Mandriva Update for pidgin MDVSA-2010:041 (pidgin)
2010-02-19 00:00:00
Mandriva Update for mjpegtools MDVA-2010:041 (mjpegtools)
2010-01-29 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: pidgin-2.6.6-1.fc13
2010-02-20 00:13:53
[SECURITY] Fedora 12 Update: pidgin-2.6.6-1.fc12
2010-02-20 00:26:26
[SECURITY] Fedora 12 Update: pidgin-2.7.0-2.fc12
2010-05-24 19:48:53
oraclelinux
oraclelinux
pidgin security update
2010-02-18 00:00:00
ubuntu
ubuntu
Pidgin vulnerabilities
2010-02-22 00:00:00
redhat
redhat
(RHSA-2010:0115) Moderate: pidgin security update
2010-02-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package pidgin version 2.6.6-alt1
2010-02-22 00:00:00
Security fix for the ALT Linux 5 package pidgin-mini version 2.7.1-alt1
2010-06-13 00:00:00
securityvulns
securityvulns
Pidgin / Adium messenger multiple security vulnerabilities
2010-02-19 00:00:00
[ MDVSA-2010:041 ] pidgin
2010-02-19 00:00:00
HP Power Manager crossite request forgery
2011-02-14 00:00:00
slackware
slackware
[slackware-security] pidgin
2010-03-11 02:17:44
freebsd
freebsd
pidgin -- multiple remote denial of service vulnerabilities
2010-02-18 00:00:00
centos
centos
finch, libpurple, pidgin security update
2010-02-20 00:04:47
debian
debian
[Backports-security-announce] Security Update for pidgin
2010-02-18 22:27:39
[Backports-security-announce] Security Update for pidgin
2010-02-18 22:17:54
[SECURITY] [DSA 2038-2] New pidgin packages fix regression
2010-05-17 20:37:56
osv
osv
pidgin - denial of service
2010-04-18 00:00:00
prion
prion
Code injection
2010-02-24 18:30:00
Code injection
2010-02-24 18:30:00
Memory corruption
2010-01-09 18:30:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:40:21
Denial Of Service (DoS)
2020-04-10 00:40:21
Denial Of Service (DoS)
2020-04-10 00:40:22
ubuntucve
ubuntucve
CVE-2010-0423
2010-02-18 00:00:00
CVE-2010-0420
2010-02-18 00:00:00
CVE-2010-0277
2010-01-09 00:00:00
cve
cve
CVE-2010-0420
2010-02-24 18:30:00
CVE-2010-0423
2010-02-24 18:30:00
CVE-2010-0277
2010-01-09 18:30:00
debiancve
debiancve
CVE-2010-0420
2010-02-24 18:30:00
CVE-2010-0423
2010-02-24 18:30:00
CVE-2010-0277
2010-01-09 18:30:00

0.229 Low

EPSS

Percentile

96.0%

JSON
Related for SSV:19202
nessus23openvas41fedora7oraclelinux1ubuntu1redhat1altlinux2securityvulns4slackware1freebsd1centos1debian5osv1prion3veracode3ubuntucve3cve3debiancve3