PT-2014-1297 · Pidgin+4 · Pidgin+4

Yves Younan

Publicado

2014-01-30

Atualizado

2014-04-09

CVE-2013-6490

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.10.8

Description The issue concerns the SIMPLE protocol functionality, which allows remote attackers to have an impact via a negative Content-Length header, triggering a buffer overflow. This can potentially lead to a denial of service or execution of arbitrary code by manipulating message headers.

Recommendations For versions prior to 2.10.8, update to version 2.10.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the SIMPLE protocol functionality until a patch is available.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2014-1462

BDU:2015-00082

CESA-2014_0139

CVE-2013-6490

DSA-2859-1

DSA-2859-2

MGASA-2014-0034

RHSA-2014:0139

RHSA-2014_0139

Produtos afetados

Alt Linux

Centos

Pidgin

Red Hat

Suse

PT-2014-1297 · Pidgin+4 · Pidgin+4

CVE-2013-6490

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 73