[email protected]CVE-2010-1624

HistoryMay 14, 2010 - 7:30 p.m.

CVE-2010-1624

2010-05-1419:30:01

CWE-20

[email protected]

web.nvd.nist.gov

cve-2010-1624

msn protocol

libpurple

pidgin

remote authentication

denial of service

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.9 Medium

AI Score

Confidence

High

0.096 Low

EPSS

Percentile

94.8%

JSON

The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.

Affected configurations

NVD

Node

pidginpidginRange<2.7.0

Node

canonicalubuntu_linuxMatch8.04-

canonicalubuntu_linuxMatch9.10

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch10.10

CPENameOperatorVersion
pidgin:pidginpidginlt2.7.0

CPE	Name	Operator	Version
pidgin:pidgin	pidgin	lt	2.7.0

References

developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c

developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b

secunia.com/advisories/39801

secunia.com/advisories/41899

www.mandriva.com/security/advisories?name=MDVSA-2010:097

www.pidgin.im/news/security/index.php?id=46

www.redhat.com/support/errata/RHSA-2010-0788.html

www.securityfocus.com/bid/40138

www.ubuntu.com/usn/USN-1014-1

www.vupen.com/english/advisories/2010/1141

www.vupen.com/english/advisories/2010/2755

bugzilla.redhat.com/show_bug.cgi?id=589973

exchange.xforce.ibmcloud.com/vulnerabilities/58559