CVE-2010-0277

Published: 09/01/2010 Updated: 19/09/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

slp.c in the MSN protocol plugin in libpurple in Pidgin prior to 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote malicious users to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.

Vulnerable Product

pidgin pidgin 2.5.9

pidgin pidgin 2.5.8

pidgin pidgin 2.5.6

pidgin pidgin 2.5.7

pidgin pidgin

pidgin pidgin 2.4.3

pidgin pidgin 2.3.1

pidgin pidgin 2.0.2

pidgin pidgin 2.0.1

pidgin pidgin 2.5.0

pidgin pidgin 2.5.1

pidgin pidgin 2.6.0

pidgin pidgin 2.4.0

pidgin pidgin 2.2.1

pidgin pidgin 2.2.2

pidgin pidgin 2.5.2

pidgin pidgin 2.5.3

pidgin pidgin 2.6.2

pidgin pidgin 2.6.1

pidgin pidgin 2.3.0

pidgin pidgin 2.2.0

pidgin pidgin 2.0.0

pidgin pidgin 2.6.4

adium adium 1.3.8

pidgin pidgin 2.5.4

pidgin pidgin 2.5.5

pidgin pidgin 2.4.1

pidgin pidgin 2.4.2

pidgin pidgin 2.1.1

pidgin pidgin 2.1.0

Vendor Advisories

Synopsis Moderate: pidgin security update Type/Severity Security Advisory: Moderate Topic Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team ...
Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service (CVE-2010-0277) ...
Debian Bug report logs - #572946 qutecom: multiple vulnerabilities Package: qutecom; Maintainer for qutecom is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for qutecom is src:qutecom (PTS, buildd, popcon) Reported by: Michael Gilbert <michaelsgilbert@gmailcom> Date: Sun, 7 Mar 2010 19:4 ...
Debian Bug report logs - #566775 pidgin: CVE-2010-0277 denial-of-service Package: pidgin; Maintainer for pidgin is Ari Pollak <ari@debianorg>; Source for pidgin is src:pidgin (PTS, buildd, popcon) Reported by: Michael Gilbert <michaelsgilbert@gmailcom> Date: Mon, 25 Jan 2010 02:21:01 UTC Severity: important Tags ...

References

CWE-399
http://www.openwall.com/lists/oss-security/2010/01/07/2
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
http://secunia.com/advisories/38640
http://www.securityfocus.com/bid/38294
http://www.ubuntu.com/usn/USN-902-1
http://secunia.com/advisories/38658
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html
http://secunia.com/advisories/38563
http://pidgin.im/news/security/?id=43
http://www.mandriva.com/security/advisories?name=MDVSA-2010:041
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html
https://bugzilla.redhat.com/show_bug.cgi?id=554335
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html
http://secunia.com/advisories/38712
https://rhn.redhat.com/errata/RHSA-2010-0115.html
http://www.vupen.com/english/advisories/2010/0413
http://developer.pidgin.im/wiki/ChangeLog
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
http://secunia.com/advisories/38915
http://www.vupen.com/english/advisories/2010/1020
http://www.mandriva.com/security/advisories?name=MDVSA-2010:085
http://secunia.com/advisories/41868
http://blogs.sun.com/security/entry/cve_2010_0277_malformed_msn
http://www.vupen.com/english/advisories/2010/2693
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9421
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18348
https://access.redhat.com/errata/RHSA-2010:0115
https://usn.ubuntu.com/902-1/
https://nvd.nist.gov