Lucene search
RedhatCVE-2012-3374HistoryJul 07, 2012 - 10:21 a.m.
CVE-2012-3374
2012-07-0710:21:14
CWE-119
redhat
web.nvd.nist.gov
41
cve-2012-3374
buffer overflow
libpurple
mxit
pidgin
remote code execution
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.6
Confidence
Low
EPSS
0.289
Percentile
96.9%
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.
Affected configurations
Node
pidginpidginRange≤2.10.4
ORpidginpidginMatch2.0.0
ORpidginpidginMatch2.0.1
ORpidginpidginMatch2.0.2
ORpidginpidginMatch2.1.0
ORpidginpidginMatch2.1.1
ORpidginpidginMatch2.2.0
ORpidginpidginMatch2.2.1
ORpidginpidginMatch2.2.2
ORpidginpidginMatch2.3.0
ORpidginpidginMatch2.3.1
ORpidginpidginMatch2.4.0
ORpidginpidginMatch2.4.1
ORpidginpidginMatch2.4.2
ORpidginpidginMatch2.4.3
ORpidginpidginMatch2.5.0
ORpidginpidginMatch2.5.1
ORpidginpidginMatch2.5.2
ORpidginpidginMatch2.5.3
ORpidginpidginMatch2.5.4
ORpidginpidginMatch2.5.5
ORpidginpidginMatch2.5.6
ORpidginpidginMatch2.5.7
ORpidginpidginMatch2.5.8
ORpidginpidginMatch2.5.9
ORpidginpidginMatch2.6.0
ORpidginpidginMatch2.6.1
ORpidginpidginMatch2.6.2
ORpidginpidginMatch2.6.4
ORpidginpidginMatch2.6.5
ORpidginpidginMatch2.6.6
ORpidginpidginMatch2.7.0
ORpidginpidginMatch2.7.1
ORpidginpidginMatch2.7.2
ORpidginpidginMatch2.7.3
ORpidginpidginMatch2.7.4
ORpidginpidginMatch2.7.5
ORpidginpidginMatch2.7.6
ORpidginpidginMatch2.7.7
ORpidginpidginMatch2.7.8
ORpidginpidginMatch2.7.9
ORpidginpidginMatch2.7.10
ORpidginpidginMatch2.7.11
ORpidginpidginMatch2.8.0
ORpidginpidginMatch2.9.0
ORpidginpidginMatch2.10.0
ORpidginpidginMatch2.10.1
ORpidginpidginMatch2.10.2
ORpidginpidginMatch2.10.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| pidgin | pidgin | * | cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.0.0 | cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.0.1 | cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.0.2 | cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.1.0 | cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.1.1 | cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.2.0 | cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.2.1 | cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.2.2 | cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.3.0 | cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:* |
References
hg.pidgin.im/pidgin/main/rev/ded93865ef42
lists.opensuse.org/opensuse-security-announce/2012-07/msg00009.html
rhn.redhat.com/errata/RHSA-2012-1102.html
secunia.com/advisories/50005
www.mandriva.com/security/advisories?name=MDVSA-2012:105
www.pidgin.im/news/security/index.php?id=64
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17678
Related
nessus
nessus
Debian DSA-2509-1 : pidgin - remote code execution
2012-07-09 00:00:00
Fedora 16 : pidgin-2.10.5-1.fc16 (2012-10294)
2012-07-16 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201209-17 (pidgin)
2012-10-03 00:00:00
Slackware: Security Advisory (SSA:2012-195-02)
2012-09-10 00:00:00
Mandriva Update for pidgin MDVSA-2012:105 (pidgin)
2012-07-16 00:00:00
slackware
slackware
[slackware-security] pidgin
2012-07-14 18:49:01
suse
suse
Security update for pidgin, finch and libpurple (important)
2012-07-19 01:08:42
gentoo
gentoo
Pidgin: Arbitrary code execution
2012-09-27 00:00:00
cvelist
cvelist
CVE-2012-3374
2012-07-07 10:00:00
nvd
nvd
CVE-2012-3374
2012-07-07 10:21:14
ubuntucve
ubuntucve
CVE-2012-3374
2012-07-08 00:00:00
securityvulns
securityvulns
libpurple / Pidgin code execution
2012-07-11 00:00:00
[SECURITY] [DSA 2509-1] pidgin security update
2012-07-11 00:00:00
osv
osv
pidgin - remote code execution
2012-07-08 00:00:00
seebug
seebug
Pidgin 'mxit_show_message()'基于栈的缓冲区溢出漏洞
2012-07-09 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package pidgin version 2.10.6-alt1
2012-07-30 00:00:00
Security fix for the ALT Linux 6 package pidgin version 2.10.6-alt1.M60P.1
2012-10-25 00:00:00
debian
debian
[SECURITY] [DSA 2509-1] pidgin security update
2012-07-08 19:49:39
debiancve
debiancve
CVE-2012-3374
2012-07-07 10:21:14
prion
prion
Buffer overflow
2012-07-07 10:21:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:42:35
Arbitrary Code Execution
2019-05-02 04:42:35
redhat
redhat
(RHSA-2012:1102) Moderate: pidgin security update
2012-07-19 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: pidgin-2.10.5-1.fc17
2012-07-10 16:23:55
[SECURITY] Fedora 16 Update: pidgin-2.10.5-1.fc16
2012-07-14 22:01:31
centos
centos
finch, libpurple, pidgin security update
2012-07-19 16:46:55
oraclelinux
oraclelinux
pidgin security update
2012-07-19 00:00:00
pidgin security update
2013-03-14 00:00:00
ubuntu
ubuntu
Pidgin vulnerabilities
2012-07-09 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.6
Confidence
Low
EPSS
0.289
Percentile
96.9%
Related for CVE-2012-3374