PT-2014-1301 · Pidgin+4 · Pidgin+4

Ryan Pentney

Published

2014-01-30

Updated

2016-12-22

CVE-2013-6487

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.10.8

Description The issue is related to an integer overflow in the Gadu-Gadu parser, which can be triggered by a large Content-Length value, potentially leading to a buffer overflow. This can allow remote attackers to have an unspecified impact. The vulnerability is also described as allowing a remote attacker to cause a denial of service or execute arbitrary code by manipulating HTTP requests to the gadu-gadu.pl domain.

Recommendations For versions prior to 2.10.8, update to version 2.10.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the gg http watch fd function to minimize the risk of exploitation. Avoid using the vulnerable Gadu-Gadu parser until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

ALT-PU-2014-1462

BDU:2015-00086

CESA-2014_0139

CVE-2013-6487

DSA-2852-1

DSA-2859-1

MGASA-2014-0034

MGASA-2014-0074

OPENSUSE-SU-2024:10343-1

OPENSUSE-SU-2024:10432-1

RHSA-2014:0139

RHSA-2014_0139

SUSE-SU-2014_0790-1

Affected Products

Alt Linux

Centos

Pidgin

Red Hat

Suse

PT-2014-1301 · Pidgin+4 · Pidgin+4

CVE-2013-6487

Weakness Enumeration

Related Identifiers

Affected Products

References · 91