PT-2013-2206 · Pidgin+3 · Libpurple+4

Publicado

2013-02-16

Atualizado

2017-09-19

CVE-2013-0273

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.10.7

Description The issue is related to the Sametime protocol plugin in libpurple, where the sametime.c file does not properly terminate long user IDs. This allows remote servers to cause a denial of service, resulting in an application crash, via a crafted packet.

Recommendations For versions prior to 2.10.7, update to version 2.10.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the Sametime protocol plugin until the update is applied.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CESA-2013_0646

CVE-2013-0273

OPENSUSE-SU-2013_0405-1

OPENSUSE-SU-2013_0407-1

OPENSUSE-SU-2013_0511-1

OPENSUSE-SU-2024:10432-1

RHSA-2013:0646

RHSA-2013_0646

Produtos afetados

Centos

Pidgin

Red Hat

Suse

Libpurple

PT-2013-2206 · Pidgin+3 · Libpurple+4

CVE-2013-0273

Identificadores relacionados

Produtos afetados

Referências · 33