5

CVE-2009-3615

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdiumAdium Version <= 1.3.6
AdiumAdium Version1.0
AdiumAdium Version1.0.1
AdiumAdium Version1.0.2
AdiumAdium Version1.0.3
AdiumAdium Version1.0.4
AdiumAdium Version1.0.5
AdiumAdium Version1.1
AdiumAdium Version1.1.1
AdiumAdium Version1.1.2
AdiumAdium Version1.1.3
AdiumAdium Version1.1.4
AdiumAdium Version1.2.7
AdiumAdium Version1.3
AdiumAdium Version1.3.1
AdiumAdium Version1.3.2
AdiumAdium Version1.3.3
AdiumAdium Version1.3.4
AdiumAdium Version1.3.5
PidginPidgin Version <= 2.6.2
PidginPidgin Version2.0.0
PidginPidgin Version2.0.1
PidginPidgin Version2.0.2
PidginPidgin Version2.1.0
PidginPidgin Version2.1.1
PidginPidgin Version2.2.0
PidginPidgin Version2.2.1
PidginPidgin Version2.2.2
PidginPidgin Version2.3.0
PidginPidgin Version2.3.1
PidginPidgin Version2.4.0
PidginPidgin Version2.4.1
PidginPidgin Version2.4.2
PidginPidgin Version2.4.3
PidginPidgin Version2.5.0
PidginPidgin Version2.5.1
PidginPidgin Version2.5.2
PidginPidgin Version2.5.3
PidginPidgin Version2.5.4
PidginPidgin Version2.5.5
PidginPidgin Version2.5.6
PidginPidgin Version2.5.7
PidginPidgin Version2.5.8
PidginPidgin Version2.5.9
PidginPidgin Version2.6.0
PidginPidgin Version2.6.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.66% 0.837
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://developer.pidgin.im/wiki/ChangeLog
Patch
http://developer.pidgin.im/ticket/10481
http://developer.pidgin.im/viewmtn/revision/info/781682333aea0c801d280c3507ee25552a60bfc0
http://secunia.com/advisories/37017
Vendor Advisory
http://secunia.com/advisories/37072
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:085
http://www.pidgin.im/news/security/?id=41
Vendor Advisory
http://www.securityfocus.com/bid/36719
http://www.vupen.com/english/advisories/2009/2949
Vendor Advisory
http://www.vupen.com/english/advisories/2009/2951
Vendor Advisory
http://www.vupen.com/english/advisories/2010/1020
https://exchange.xforce.ibmcloud.com/vulnerabilities/53807
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18388
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9414