Published: 08/09/2009 Updated: 19/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin prior to 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pidgin libpurple
pidgin pidgin 2.0.0
pidgin pidgin 2.4.0
pidgin pidgin 2.4.1
pidgin pidgin 2.4.2
pidgin pidgin 2.4.3
pidgin pidgin 2.5.0
pidgin pidgin 2.5.1
pidgin pidgin 2.5.6
pidgin pidgin 2.1.0
pidgin pidgin 2.5.7
pidgin pidgin 2.1.1
pidgin pidgin 2.0.1
pidgin pidgin 2.3.0
pidgin pidgin 2.2.2
pidgin pidgin 2.0.2
pidgin pidgin 2.5.2
pidgin pidgin 2.5.4
pidgin pidgin 2.6.0
pidgin pidgin 2.5.5
pidgin pidgin 2.5.8
pidgin pidgin 2.5.3
pidgin pidgin 2.2.0
pidgin pidgin 2.5.9
pidgin pidgin 2.3.1
pidgin pidgin 2.2.1
pidgin pidgin

It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler If a user were tricked into connecting to a malicious IRC server, an attacker could cause Pidgin to crash, leading to a denial of service This issue only affected Ubuntu 804 LTS, Ubuntu 810 and Ubuntu 904 (CVE-2009-2703) ...

CWE-119 http://www.pidgin.im/news/security/index.php?id=40 http://www.securityfocus.com/bid/36277 http://secunia.com/advisories/36601 http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379 https://usn.ubuntu.com/886-1/https://nvd.nist.gov

CVE-2009-2703

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect