PT-2014-1293 · Pidgin+4 · Libpurple+5

Daniel Atallah

·

Publicado

2014-01-30

·

Atualizado

2014-04-09

·

CVE-2014-0020

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.10.8
Description The issue is related to the IRC protocol plugin in libpurple, which does not validate argument counts. This allows remote IRC servers to cause a denial of service, resulting in the application crashing, by sending a specially crafted message.
Recommendations For versions prior to 2.10.8, update to version 2.10.8 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted IRC servers to minimize the risk of exploitation.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2014-1462
BDU:2015-00078
CESA-2014_0139
CVE-2014-0020
DSA-2859-1
MGASA-2014-0034
OPENSUSE-SU-2024:10432-1
RHSA-2014:0139
RHSA-2014_0139

Produtos afetados

Alt Linux
Centos
Pidgin
Red Hat
Suse
Libpurple