Pidgin <= 2.4.2 'msn_slplink_process_msg()' Denial of Service Vulnerability

2014-07-01T00:00:00
ID SSV:86023
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/33414/info

Pidgin is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

Successful exploits will cause the affected application to crash, effectively denying service to legitimate users.

Pidgin 2.4.1 is vulnerable; other versions may also be affected.

NOTE: This issue was previously thought to be a subset of the vulnerability documented in BID 29956 (Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities), but has been given its own record to properly document the vulnerability. 

Sending a filename that contains the maximum number of allowable characters and that includes the characters defined by the hex data below will crash the application.

'26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85'