PT-2013-2206 · Pidgin+3 · Libpurple+4

Published

2013-02-16

Updated

2017-09-19

CVE-2013-0273

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.10.7

Description The issue is related to the Sametime protocol plugin in libpurple, where the sametime.c file does not properly terminate long user IDs. This allows remote servers to cause a denial of service, resulting in an application crash, via a crafted packet.

Recommendations For versions prior to 2.10.7, update to version 2.10.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the Sametime protocol plugin until the update is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CESA-2013_0646

CVE-2013-0273

OPENSUSE-SU-2013_0405-1

OPENSUSE-SU-2013_0407-1

OPENSUSE-SU-2013_0511-1

OPENSUSE-SU-2024:10432-1

RHSA-2013:0646

RHSA-2013_0646

Affected Products

Centos

Pidgin

Red Hat

Suse

Libpurple

PT-2013-2206 · Pidgin+3 · Libpurple+4

CVE-2013-0273

Related Identifiers

Affected Products

References · 33