[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-2528Date: (C)2010-07-30   (M)2024-02-01


The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 8.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-40699
BID-41881
OSVDB-66506
ADV-2010-1887
ADV-2010-2221
SSA:2010-240-05
http://developer.pidgin.im/viewmtn/revision/diff/fcb70f7c12120206d30ad33223ff85be7b226d1c/with/8e8ff246492e45af8f8d0808296d6f2906794dc0/libpurple/protocols/oscar/family_icbm.c
http://developer.pidgin.im/viewmtn/revision/info/8e8ff246492e45af8f8d0808296d6f2906794dc0
http://www.pidgin.im/news/security/index.php?id=47
oval:org.mitre.oval:def:18359
pidgin-xstatus-dos(60566)

CPE    32
cpe:/a:pidgin:pidgin:2.0.0
cpe:/a:pidgin:pidgin:2.1.0
cpe:/a:pidgin:pidgin:2.0.1
cpe:/a:pidgin:pidgin:2.2.0
...
CWE    1
CWE-399
OVAL    10
oval:org.secpod.oval:def:100567
oval:org.secpod.oval:def:101199
oval:org.secpod.oval:def:829
oval:org.secpod.oval:def:1000097
...

© SecPod Technologies