Lucene search
RedhatCVE-2013-6485HistoryFeb 06, 2014 - 4:10 p.m.
CVE-2013-6485
2014-02-0616:10:58
CWE-119
redhat
web.nvd.nist.gov
35
cve-2013-6485
buffer overflow
util.c
libpurple
pidgin
denial of service
application crash
http servers
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
7.4
Confidence
High
EPSS
0.015
Percentile
87.0%
Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data.
Affected configurations
Node
pidginpidginRange≤2.10.7
ORpidginpidginMatch2.0.0
ORpidginpidginMatch2.0.1
ORpidginpidginMatch2.0.2
ORpidginpidginMatch2.1.0
ORpidginpidginMatch2.1.1
ORpidginpidginMatch2.2.0
ORpidginpidginMatch2.2.1
ORpidginpidginMatch2.2.2
ORpidginpidginMatch2.3.0
ORpidginpidginMatch2.3.1
ORpidginpidginMatch2.4.0
ORpidginpidginMatch2.4.1
ORpidginpidginMatch2.4.2
ORpidginpidginMatch2.4.3
ORpidginpidginMatch2.5.0
ORpidginpidginMatch2.5.1
ORpidginpidginMatch2.5.2
ORpidginpidginMatch2.5.3
ORpidginpidginMatch2.5.4
ORpidginpidginMatch2.5.5
ORpidginpidginMatch2.5.6
ORpidginpidginMatch2.5.7
ORpidginpidginMatch2.5.8
ORpidginpidginMatch2.5.9
ORpidginpidginMatch2.6.0
ORpidginpidginMatch2.6.1
ORpidginpidginMatch2.6.2
ORpidginpidginMatch2.6.3
ORpidginpidginMatch2.6.4
ORpidginpidginMatch2.6.5
ORpidginpidginMatch2.6.6
ORpidginpidginMatch2.7.0
ORpidginpidginMatch2.7.1
ORpidginpidginMatch2.7.2
ORpidginpidginMatch2.7.3
ORpidginpidginMatch2.7.4
ORpidginpidginMatch2.7.5
ORpidginpidginMatch2.7.6
ORpidginpidginMatch2.7.7
ORpidginpidginMatch2.7.8
ORpidginpidginMatch2.7.9
ORpidginpidginMatch2.7.10
ORpidginpidginMatch2.7.11
ORpidginpidginMatch2.8.0
ORpidginpidginMatch2.9.0
ORpidginpidginMatch2.10.0
ORpidginpidginMatch2.10.1
ORpidginpidginMatch2.10.2
ORpidginpidginMatch2.10.3
ORpidginpidginMatch2.10.4
ORpidginpidginMatch2.10.5
ORpidginpidginMatch2.10.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| pidgin | pidgin | * | cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.0.0 | cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.0.1 | cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.0.2 | cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.1.0 | cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.1.1 | cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.2.0 | cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.2.1 | cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.2.2 | cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:* |
| pidgin | pidgin | 2.3.0 | cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:* |
References
hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd
lists.opensuse.org/opensuse-updates/2014-02/msg00039.html
lists.opensuse.org/opensuse-updates/2014-03/msg00005.html
pidgin.im/news/security/?id=80
www.debian.org/security/2014/dsa-2859
www.securityfocus.com/bid/65243
www.ubuntu.com/usn/USN-2100-1
rhn.redhat.com/errata/RHSA-2014-0139.html
Related
nvd
nvd
CVE-2013-6485
2014-02-06 16:10:58
prion
prion
Buffer overflow
2014-02-06 16:10:00
debiancve
debiancve
CVE-2013-6485
2014-02-06 16:10:58
ubuntucve
ubuntucve
CVE-2013-6485
2014-02-05 00:00:00
cvelist
cvelist
CVE-2013-6485
2014-02-06 15:00:00
debian
debian
[SECURITY] [DSA 2859-2] pidgin security update
2014-03-19 22:39:05
[BSA-092] Security Update for pidgin
2014-02-22 11:36:11
[SECURITY] [DSA 2859-1] pidgin security update
2014-02-10 17:30:06
osv
osv
pidgin - several
2014-02-10 00:00:00
pidgin - security update
2014-02-10 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2859-2)
2014-02-09 00:00:00
Debian Security Advisory DSA 2859-1 (pidgin - several vulnerabilities)
2014-02-10 00:00:00
RedHat Update for pidgin RHSA-2014:0139-01
2014-02-11 00:00:00
nessus
nessus
openSUSE Security Update : pidgin / pidgin-branding-openSUSE (openSUSE-SU-2014:0239-1)
2014-06-13 00:00:00
Debian DSA-2859-1 : pidgin - several vulnerabilities
2014-02-12 00:00:00
Ubuntu 12.04 LTS / 12.10 / 13.10 : pidgin vulnerabilities (USN-2100-1)
2014-02-07 00:00:00
redhat
redhat
(RHSA-2014:0139) Moderate: pidgin security update
2014-02-05 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:01:11
Out-Of-Bounds Write
2019-05-02 05:01:11
BufferOverflow
2019-05-02 05:01:11
ubuntu
ubuntu
Pidgin vulnerabilities
2014-02-06 00:00:00
securityvulns
securityvulns
libgadu / libpurple / Pidgin multiple security vulnerabilities
2014-02-10 00:00:00
mageia
mageia
Updated pidgin package fixes security vulnerabilities
2014-02-05 19:31:44
fedora
fedora
[SECURITY] Fedora 20 Update: pidgin-2.10.9-1.fc20
2014-02-06 03:50:31
[SECURITY] Fedora 19 Update: pidgin-2.10.9-1.fc19
2014-02-14 08:00:10
oraclelinux
oraclelinux
pidgin security update
2014-02-05 00:00:00
centos
centos
finch, libpurple, pidgin security update
2014-02-05 19:41:13
kaspersky
kaspersky
KLA10433 Multiple vulnerabilities in Pidgin
2014-06-02 00:00:00
slackware
slackware
pidgin
2014-02-03 13:58:20
gentoo
gentoo
Pidgin: Multiple vulnerabilities
2014-05-18 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
7.4
Confidence
High
EPSS
0.015
Percentile
87.0%
Related for CVE-2013-6485