PT-2009-1045 · Pidgin+2 · Libpurple+3

Publicado

2009-09-08

·

Atualizado

2017-09-19

·

CVE-2009-3083

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.6.2
Description The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash. This can be achieved through an SLP invite message lacking certain required fields. The vulnerability has been demonstrated with a malformed message from a KMess client. The issue affects the MSN protocol plugin in libpurple.
Recommendations For versions prior to 2.6.2, update to version 2.6.2 or later to resolve the issue. As a temporary workaround, consider restricting the handling of SLP invite messages to minimize the risk of exploitation.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2015-06114
BDU:2015-06115
BDU:2015-06116
CVE-2009-3083
DSA-2038-1
OPENSUSE-SU-2024:10432-1
RHSA-2009:1453
RHSA-2009:1535
RHSA-2009_1453

Produtos afetados

Kmess
Pidgin
Red Hat
Libpurple