Published: 28/10/2010 Updated: 19/09/2017

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

libpurple in Pidgin prior to 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pidgin pidgin 2.6.2
pidgin pidgin 2.5.9
pidgin pidgin 2.4.0
pidgin pidgin 2.4.1
pidgin pidgin 2.5.3
pidgin pidgin 2.5.0
pidgin pidgin 2.6.0
pidgin pidgin 2.0.2
pidgin pidgin 2.4.3
pidgin pidgin 2.1.1
pidgin pidgin 2.6.6
pidgin pidgin 2.4.2
pidgin pidgin 2.3.1
pidgin pidgin 2.5.1
pidgin pidgin 2.6.4
pidgin pidgin 2.2.0
pidgin pidgin 2.5.6
pidgin pidgin 2.1.0
pidgin pidgin 2.0.1
pidgin pidgin 2.5.4
pidgin pidgin 2.3.0
pidgin pidgin 2.2.2
pidgin pidgin 2.6.5
pidgin pidgin 2.7.1
pidgin pidgin 2.5.7
pidgin pidgin 2.2.1
pidgin pidgin 2.6.1
pidgin pidgin 2.5.5
pidgin pidgin 2.0.0
pidgin pidgin 2.5.2
pidgin pidgin 2.5.8
pidgin pidgin 2.7.2
pidgin pidgin 2.7.0
pidgin pidgin

Synopsis Moderate: pidgin security update Type/Severity Security Advisory: Moderate Topic Updated pidgin packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 4 and 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnera ...

Pierre Noguès discovered that Pidgin incorrectly handled malformed SLP messages in the MSN protocol handler A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service This issue only affected Ubuntu 804 LTS, 910 and 1004 LTS (CVE-2010-1624) ...

CWE-20 http://www.mandriva.com/security/advisories?name=MDVSA-2010:208 http://secunia.com/advisories/41899 http://www.osvdb.org/68773 http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc http://www.vupen.com/english/advisories/2010/2754 http://pidgin.im/news/security/?id=48 https://bugzilla.redhat.com/show_bug.cgi?id=641921 http://www.vupen.com/english/advisories/2010/2753 http://secunia.com/advisories/41893 http://www.redhat.com/support/errata/RHSA-2010-0788.html http://www.vupen.com/english/advisories/2010/2755 http://securitytracker.com/id?1024623 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050227.html http://www.vupen.com/english/advisories/2010/2870 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050133.html http://secunia.com/advisories/42075 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462352 http://www.vupen.com/english/advisories/2010/2847 http://www.vupen.com/english/advisories/2010/2851 http://secunia.com/advisories/42294 http://www.redhat.com/support/errata/RHSA-2010-0890.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050695.html http://www.ubuntu.com/usn/USN-1014-1 http://www.securityfocus.com/bid/44283 https://exchange.xforce.ibmcloud.com/vulnerabilities/62708 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18506 https://access.redhat.com/errata/RHSA-2010:0788 https://usn.ubuntu.com/1014-1/https://nvd.nist.gov

CVE-2010-3711

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect