
CVE-2013-6487

Published: 06/02/2014 Updated: 22/12/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin prior to 2.10.8 allows remote malicious users to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.

Vulnerable Product

pidgin pidgin 2.10.2

pidgin pidgin 2.10.1

pidgin pidgin 2.0.0

pidgin pidgin 2.10.6

pidgin pidgin 2.10.5

pidgin pidgin 2.1.0

pidgin pidgin 2.0.2

pidgin pidgin

pidgin pidgin 2.10.0

pidgin pidgin 2.1.1

pidgin pidgin 2.10.4

pidgin pidgin 2.10.3

pidgin pidgin 2.0.1

Vendor Advisories

Several security issues were fixed in Pidgin ...
libgadu could be made to crash or run programs if it received specially crafted network traffic ...
Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client: CVE-2013-6477: Jaime Breva Ribes discovered that a remote XMPP user can trigger a crash by sending a message with a timestamp in the distant future. CVE-2013-6478: Pidgin could be crashed through overly wide tooltip windows. CVE-2013-6479 ...
Yves Younan and Ryan Pentney discovered that libgadu, a library for accessing the Gadu-Gadu instant messaging service, contained an integer overflow leading to a buffer overflow. Attackers which impersonate the server could crash clients and potentially execute arbitrary code. For the oldstable distribution (squeeze), this problem has been fixed in ...
Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow ...