PT-2014-1297 · Pidgin+4 · Pidgin+4

Yves Younan

Published

2014-01-30

Updated

2014-04-09

CVE-2013-6490

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.10.8

Description The issue concerns the SIMPLE protocol functionality, which allows remote attackers to have an impact via a negative Content-Length header, triggering a buffer overflow. This can potentially lead to a denial of service or execution of arbitrary code by manipulating message headers.

Recommendations For versions prior to 2.10.8, update to version 2.10.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the SIMPLE protocol functionality until a patch is available.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2014-1462

BDU:2015-00082

CESA-2014_0139

CVE-2013-6490

DSA-2859-1

DSA-2859-2

MGASA-2014-0034

RHSA-2014:0139

RHSA-2014_0139

Affected Products

Alt Linux

Centos

Pidgin

Red Hat

Suse

PT-2014-1297 · Pidgin+4 · Pidgin+4

CVE-2013-6490

Weakness Enumeration

Related Identifiers

Affected Products

References · 73