7.5

CVE-2013-6487

Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PidginPidgin Version <= 2.10.7
PidginPidgin Version2.0.0
PidginPidgin Version2.0.1
PidginPidgin Version2.0.2
PidginPidgin Version2.0.2 Editionlinux
PidginPidgin Version2.1.0
PidginPidgin Version2.1.1
PidginPidgin Version2.10.0
PidginPidgin Version2.10.1
PidginPidgin Version2.10.2
PidginPidgin Version2.10.3
PidginPidgin Version2.10.4
PidginPidgin Version2.10.5
PidginPidgin Version2.10.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.17% 0.941
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html
http://www.ubuntu.com/usn/USN-2100-1
https://rhn.redhat.com/errata/RHSA-2014-0139.html
http://www.debian.org/security/2014/dsa-2859
http://advisories.mageia.org/MGASA-2014-0074.html
http://hg.pidgin.im/pidgin/main/rev/ec15aa187aa0
Vendor Advisory
http://libgadu.net/releases/1.11.3.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128277.html
http://vrt-blog.snort.org/2014/01/vrt-2013-1001-cve-2013-6487-buffer.html
http://www.debian.org/security/2014/dsa-2852
http://www.mandriva.com/security/advisories?name=MDVSA-2014:039
http://www.pidgin.im/news/security/?id=82
Vendor Advisory
http://www.securityfocus.com/bid/65188
http://www.ubuntu.com/usn/USN-2101-1
https://security.gentoo.org/glsa/201508-02