PT-2014-1295 · Pidgin+4 · Pidgin+4

Publicado

2014-01-30

·

Atualizado

2014-04-09

·

CVE-2013-6481

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.10.8
Description The issue allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read. This is due to a vulnerability in the Pidgin software, specifically in the subcomponent responsible for working with the Yahoo! protocol.
Recommendations For versions prior to 2.10.8, update to version 2.10.8 or later to resolve the issue. As a temporary workaround, consider disabling the Yahoo! protocol functionality until a patch is available. Restrict access to P2P messages to minimize the risk of exploitation.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2014-1462
BDU:2015-00080
CESA-2014_0139
CVE-2013-6481
DSA-2859-1
MGASA-2014-0034
OPENSUSE-SU-2024:10432-1
RHSA-2014:0139
RHSA-2014_0139

Produtos afetados

Alt Linux
Centos
Pidgin
Red Hat
Suse