5

CVE-2010-1624

The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PidginPidgin Version < 2.7.0
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version9.10
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version10.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.59% 0.919
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c
Broken Link
http://developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b
Broken Link
http://secunia.com/advisories/39801
Vendor Advisory
Not Applicable
http://secunia.com/advisories/41899
Not Applicable
http://www.mandriva.com/security/advisories?name=MDVSA-2010:097
Broken Link
http://www.pidgin.im/news/security/index.php?id=46
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0788.html
Third Party Advisory
http://www.securityfocus.com/bid/40138
Third Party Advisory
Broken Link
VDB Entry
http://www.ubuntu.com/usn/USN-1014-1
Third Party Advisory
http://www.vupen.com/english/advisories/2010/1141
Vendor Advisory
Permissions Required
http://www.vupen.com/english/advisories/2010/2755
Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=589973
Patch
Third Party Advisory
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/58559
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18547
Third Party Advisory