CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile: 96.8%
The remote host is running a version of Pidgin earlier than 2.5.6. Such versions are reportedly affected by multiple remote buffer overflow vulnerabilities:
A buffer overflow in the 'decrypt_out()' function can be exploited through specially crafted 'QQ' packets. (CVE-2009-1374)
A buffer maintained by PurpleCircBuffer, which is used by the XMPP and Sametime protocol plugins, can be corrupted if it is exactly full and then more bytes are added to it. (CVE-2009-1375)
A buffer overflow is possible when initiating a file transfer to a malicious buddy over XMPP. (CVE-2009-1373)
An integer overflow exists in the application due to an incorrect typecast of 'int64' to 'size_t'. (CVE-2009-1376)
Successful exploitation could allow an attacker to execute arbitrary code on the remote host.
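The exactly-full condition named for CVE-2009-1375, shown as an added example that is not Pidgin's code and not part of the original advisory. It is a hypothetical ring buffer (the `ring` type and all `ring_*` names are assumptions) whose growth path treats `in == out` with data stored as a wrapped buffer, so bytes added to a full buffer read back in order.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical ring buffer for illustration; not Pidgin's PurpleCircBuffer code. */
typedef struct { unsigned char *data; size_t cap, used, in, out; } ring;

/* Make room for `need` more bytes. Returns 0 on success, -1 on failure. */
static int ring_reserve(ring *r, size_t need) {
    if (need > (size_t)-1 - r->used) return -1;      /* used + need would wrap */
    if (r->cap - r->used >= need) return 0;
    size_t ncap = r->cap ? r->cap : 16;
    while (ncap - r->used < need) { if (ncap > (size_t)-1 / 2) return -1; ncap *= 2; }
    unsigned char *p = realloc(r->data, ncap);
    if (!p) return -1;
    /* Data wraps when in < out, and also when the buffer is exactly full
       (in == out, used > 0). Testing only in < out would miss the full case. */
    if (r->used > 0 && r->in <= r->out) {
        memcpy(p + r->cap, p, r->in);                /* move head segment past old end */
        r->in += r->cap;
    }
    r->data = p; r->cap = ncap;
    return 0;
}
static int ring_write(ring *r, const void *src, size_t n) {
    if (n == 0) return 0;
    if (ring_reserve(r, n) != 0) return -1;
    size_t first = r->cap - r->in < n ? r->cap - r->in : n;
    memcpy(r->data + r->in, src, first);
    memcpy(r->data, (const unsigned char *)src + first, n - first);
    r->in = (r->in + n) % r->cap; r->used += n;
    return 0;
}
static size_t ring_read(ring *r, void *dst, size_t n) {
    if (n > r->used) n = r->used;
    if (n == 0) return 0;
    size_t first = r->cap - r->out < n ? r->cap - r->out : n;
    memcpy(dst, r->data + r->out, first);
    memcpy((unsigned char *)dst + first, r->data, n - first);
    r->out = (r->out + n) % r->cap; r->used -= n;
    return n;
}

/* Constructed input: fill to exactly full with in == out == 8, then add 3 bytes. */
static int ring_full_then_grow_ok(void) {
    ring r = {0}; unsigned char got[40];
    int ok = ring_write(&r, "0123456789ABCDEF", 16) == 0 && ring_read(&r, got, 8) == 8
          && ring_write(&r, "abcdefgh", 8) == 0 && ring_write(&r, "XYZ", 3) == 0
          && ring_read(&r, got, sizeof got) == 19 && memcmp(got, "89ABCDEFabcdefghXYZ", 19) == 0;
    free(r.data);
    return ok;
}
int main(void) { return ring_full_then_grow_ok() ? 0 : 1; }
```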
Binary data 5032.prm