PT-2014-1295 · Pidgin+4 · Pidgin+4

Published

2014-01-30

·

Updated

2014-04-09

·

CVE-2013-6481

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.10.8
Description The issue allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read. This is due to a vulnerability in the Pidgin software, specifically in the subcomponent responsible for working with the Yahoo! protocol.
Recommendations For versions prior to 2.10.8, update to version 2.10.8 or later to resolve the issue. As a temporary workaround, consider disabling the Yahoo! protocol functionality until a patch is available. Restrict access to P2P messages to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2014-1462
BDU:2015-00080
CESA-2014_0139
CVE-2013-6481
DSA-2859-1
MGASA-2014-0034
OPENSUSE-SU-2024:10432-1
RHSA-2014:0139
RHSA-2014_0139

Affected Products

Alt Linux
Centos
Pidgin
Red Hat
Suse