5
CVE-2009-3084
- EPSS 2.52%
- Veröffentlicht 08.09.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:10:54
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.52% | 0.828 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/36601
http://www.securityfocus.com/bid/36277
http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c
http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95
http://www.pidgin.im/news/security/index.php?id=38
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338