Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:20213
HistoryOct 29, 2010 - 12:00 a.m.

Pidgin purple_base64_decode()函数空指针引用拒绝服务漏洞

2010-10-2900:00:00
Root
www.seebug.org
16

0.008 Low

EPSS

Percentile

79.6%

JSON

BUGTRAQ ID: 44283
CVE ID: CVE-2010-3711

Pidgin是支持多种协议的即时通讯客户端。

Pidgin所使用的libpurple库没有充分地验证Yahoo!、MSN、MySpaceIM和XMPP协议插件及NTLM认证支持中所使用的 purple_base64_decode()函数的返回值,远程攻击者可以通过base64编码的消息触发空指针引用,导致拒绝服务的情况。

Pidgin < 2.7.4
厂商补丁:

RedHat

RedHat已经为此发布了一个安全公告(RHSA-2010:0788-01)以及相应补丁:
RHSA-2010:0788-01:Moderate: pidgin security update
链接:https://www.redhat.com/support/errata/RHSA-2010-0788.html

Pidgin

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc

Related

debian 2
nessus 16
altlinux 2
openvas 34
prion 1
oraclelinux 3
fedora 9
debiancve 1
veracode 1
securityvulns 2
redhat 2
ubuntucve 1
cve 1
slackware 1
ubuntu 1
centos 1
debian
debian
Subject: BSA-008 Security Update for pidgin
2010-10-22 11:36:43
Subject: BSA-008 Security Update for pidgin
2010-10-22 11:19:31
nessus
nessus
Fedora 14 : pidgin-2.7.4-1.fc14 (2010-16876)
2010-10-30 00:00:00
Scientific Linux Security Update : pidgin on SL6.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 6 : pidgin (ELSA-2010-0890)
2013-07-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package pidgin-mini version 2.7.4-alt1
2010-10-21 00:00:00
Security fix for the ALT Linux 5 package pidgin-mini version 2.7.4-alt0.M50P.1
2010-11-12 00:00:00
openvas
openvas
Mandriva Update for pidgin MDVSA-2010:208 (pidgin)
2010-10-22 00:00:00
Slackware Advisory SSA:2010-305-02 pidgin
2012-09-11 00:00:00
Slackware: Security Advisory (SSA:2010-305-02)
2012-09-10 00:00:00
prion
prion
Null pointer dereference
2010-10-28 00:00:00
oraclelinux
oraclelinux
pidgin security update
2011-02-10 00:00:00
pidgin security update
2010-10-21 00:00:00
pidgin security and bug fix update
2011-05-28 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: pidgin-2.7.4-1.fc14
2010-10-29 20:43:03
[SECURITY] Fedora 14 Update: pidgin-2.7.9-1.fc14
2011-01-05 21:22:52
[SECURITY] Fedora 14 Update: pidgin-2.7.11-1.fc14
2011-03-14 10:22:15
debiancve
debiancve
CVE-2010-3711
2010-10-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:48:55
securityvulns
securityvulns
libpurple library / Pidgin DoS
2010-10-24 00:00:00
[ MDVSA-2010:208 ] pidgin
2010-10-24 00:00:00
redhat
redhat
(RHSA-2010:0890) Moderate: pidgin security update
2010-11-16 00:00:00
(RHSA-2010:0788) Moderate: pidgin security update
2010-10-21 00:00:00
ubuntucve
ubuntucve
CVE-2010-3711
2010-10-27 00:00:00
cve
cve
CVE-2010-3711
2010-10-28 00:00:00
slackware
slackware
[slackware-security] pidgin
2010-11-02 01:47:57
ubuntu
ubuntu
Pidgin vulnerabilities
2010-11-04 00:00:00
centos
centos
finch, libpurple, pidgin security update
2010-10-21 22:51:36

0.008 Low

EPSS

Percentile

79.6%

JSON
Related for SSV:20213
debian2nessus16altlinux2openvas34prion1oraclelinux3fedora9debiancve1veracode1securityvulns2redhat2ubuntucve1cve1slackware1ubuntu1centos1