Lucene search

Veracode Vulnerability DatabaseVERACODE:18552

HistoryMay 02, 2019 - 6:43 a.m.

Denial Of Service (DoS)

2019-05-0206:43:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Pidgin is vulnerable to denial of service attacks. A remote unauthenticated attacker could exploit the vulnerable libpurple library to cause denial of service conditions via a large length value in an emoticon response.

CPENameOperatorVersion
pidgineq2.10.7__25.el7
pidgineq2.10.7__25.el7

CPE	Name	Operator	Version
	pidgin	eq	2.10.7__25.el7
	pidgin	eq	2.10.7__25.el7

References

hg.pidgin.im/pidgin/main/rev/6436e14bdb9d

lists.opensuse.org/opensuse-updates/2014-11/msg00023.html

lists.opensuse.org/opensuse-updates/2014-11/msg00037.html

pidgin.im/news/security/?id=87

secunia.com/advisories/60741

secunia.com/advisories/61968

www.debian.org/security/2014/dsa-3055

www.ubuntu.com/usn/USN-2390-1

access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html

access.redhat.com/errata/RHSA-2017:1854

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1369526

bugzilla.redhat.com/show_bug.cgi?id=1439296

bugzilla.redhat.com/show_bug.cgi?id=1445921

bugzilla.redhat.com/show_bug.cgi?id=1446368

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for VERACODE:18552