CVE-2009-3084

EPSS 1.38%
Veröffentlicht 08.09.2009 18:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pidgin ≫ Pidgin Version <= 2.6.1

Pidgin ≫ Pidgin Version2.0.0

Pidgin ≫ Pidgin Version2.0.1

Pidgin ≫ Pidgin Version2.0.2

Pidgin ≫ Pidgin Version2.0.2 Editionlinux

Pidgin ≫ Pidgin Version2.1.0

Pidgin ≫ Pidgin Version2.1.1

Pidgin ≫ Pidgin Version2.2.0

Pidgin ≫ Pidgin Version2.2.1

Pidgin ≫ Pidgin Version2.2.2

Pidgin ≫ Pidgin Version2.3.0

Pidgin ≫ Pidgin Version2.3.1

Pidgin ≫ Pidgin Version2.4.0

Pidgin ≫ Pidgin Version2.4.0 Update32_bit

Pidgin ≫ Pidgin Version2.4.1

Pidgin ≫ Pidgin Version2.4.1 Update32_bit

Pidgin ≫ Pidgin Version2.4.2

Pidgin ≫ Pidgin Version2.4.2 Update32_bit

Pidgin ≫ Pidgin Version2.4.3

Pidgin ≫ Pidgin Version2.4.3 Update32_bit

Pidgin ≫ Pidgin Version2.5.0

Pidgin ≫ Pidgin Version2.5.0 Update32_bit

Pidgin ≫ Pidgin Version2.5.1

Pidgin ≫ Pidgin Version2.5.2

Pidgin ≫ Pidgin Version2.5.2 Update32_bit

Pidgin ≫ Pidgin Version2.5.3

Pidgin ≫ Pidgin Version2.5.3 Update32_bit

Pidgin ≫ Pidgin Version2.5.4

Pidgin ≫ Pidgin Version2.5.4 Update32_bit

Pidgin ≫ Pidgin Version2.5.5

Pidgin ≫ Pidgin Version2.5.5 Update32_bit

Pidgin ≫ Pidgin Version2.5.6

Pidgin ≫ Pidgin Version2.5.7

Pidgin ≫ Pidgin Version2.5.8

Pidgin ≫ Pidgin Version2.5.9

Pidgin ≫ Pidgin Version2.6.0

Pidgin ≫ Libpurple Version2.6.0

Pidgin ≫ Libpurple Version2.6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.38%	0.785

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/36601

Vendor Advisory

http://www.securityfocus.com/bid/36277

http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c

Patch

Vendor Advisory

http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95

Patch

Vendor Advisory

http://www.pidgin.im/news/security/index.php?id=38

Patch

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338

https://nvd.nist.gov/vuln/detail/CVE-2009-3084

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3084

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3084

EUVD