PT-2009-1045 · Pidgin+2 · Libpurple+3

Published

2009-09-08

·

Updated

2017-09-19

·

CVE-2009-3083

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.6.2
Description The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash. This can be achieved through an SLP invite message lacking certain required fields. The vulnerability has been demonstrated with a malformed message from a KMess client. The issue affects the MSN protocol plugin in libpurple.
Recommendations For versions prior to 2.6.2, update to version 2.6.2 or later to resolve the issue. As a temporary workaround, consider restricting the handling of SLP invite messages to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2015-06114
BDU:2015-06115
BDU:2015-06116
CVE-2009-3083
DSA-2038-1
OPENSUSE-SU-2024:10432-1
RHSA-2009:1453
RHSA-2009:1535
RHSA-2009_1453

Affected Products

Kmess
Pidgin
Red Hat
Libpurple