6.8

CVE-2008-2927

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PidginPidgin Version <= 2.4.2
PidginPidgin Version2.0.0
PidginPidgin Version2.0.1
PidginPidgin Version2.0.2
PidginPidgin Version2.1.0
PidginPidgin Version2.1.1
PidginPidgin Version2.2.0
PidginPidgin Version2.2.1
PidginPidgin Version2.2.2
PidginPidgin Version2.3.0
PidginPidgin Version2.3.1
PidginPidgin Version2.4.0
PidginPidgin Version2.4.1
AdiumAdium Version <= 1.2.7
AdiumAdium Version1.0
AdiumAdium Version1.0.1
AdiumAdium Version1.0.2
AdiumAdium Version1.0.3
AdiumAdium Version1.0.4
AdiumAdium Version1.0.5
AdiumAdium Version1.1
AdiumAdium Version1.1.1
AdiumAdium Version1.1.2
AdiumAdium Version1.1.3
AdiumAdium Version1.1.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.33% 0.899
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/32859
http://www.ubuntu.com/usn/USN-675-1
http://secunia.com/advisories/31387
Vendor Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246
http://www.securityfocus.com/archive/1/495165/100/0/threaded
https://issues.rpath.com/browse/RPL-2647
http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c
http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c
http://secunia.com/advisories/30971
Vendor Advisory
http://secunia.com/advisories/31016
Vendor Advisory
http://secunia.com/advisories/31105
Vendor Advisory
http://secunia.com/advisories/31642
Vendor Advisory
http://secunia.com/advisories/32861
http://www.debian.org/security/2008/dsa-1610
http://www.mandriva.com/security/advisories?name=MDVSA-2008:143
http://www.mandriva.com/security/advisories?name=MDVSA-2009:127
http://www.openwall.com/lists/oss-security/2008/07/03/6
http://www.openwall.com/lists/oss-security/2008/07/04/1
http://www.pidgin.im/news/security/?id=25
http://www.redhat.com/support/errata/RHSA-2008-0584.html
http://www.securityfocus.com/archive/1/493682
http://www.securityfocus.com/archive/1/495818/100/0/threaded
http://www.securityfocus.com/bid/29956
http://www.securitytracker.com/id?1020451
http://www.ubuntu.com/usn/USN-675-2
http://www.vupen.com/english/advisories/2008/2032/references
Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-054
https://bugzilla.redhat.com/show_bug.cgi?id=453764
https://exchange.xforce.ibmcloud.com/vulnerabilities/44774
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972