From 4be3fc9402f78cbf4d7258ee8fc37cba7047d027 Mon Sep 17 00:00:00 2001 From: Martin Wilke Date: Tue, 16 Jun 2009 20:04:12 +0000 Subject: - Document pidgin -- multiple vulnerabilities PR: 135239 (based on) Submitted by: Eygene Ryabinkin --- security/vuxml/vuln.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 410a04474260..3eb24fbad862 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,55 @@ Note: Please add new entries to the beginning of this file. --> + + pidgin -- multiple vulnerabilities + + + pidgin + libpurple + finch + 2.5.6 + + + + +

secunia reports:

+
+

Some vulnerabilities and weaknesses have been reported in Pidgin, + which can be exploited by malicious people to cause a DoS or to + potentially compromise a user's system.

+

A truncation error in the processing of MSN SLP messages can be + exploited to cause a buffer overflow.

+

A boundary error in the XMPP SOCKS5 "bytestream" server when + initiating an outgoing file transfer can be exploited to cause a + buffer overflow.

+

A boundary error exists in the implementation of the + "PurpleCircBuffer" structure. This can be exploited to corrupt memory + and cause a crash via specially crafted XMPP or Sametime + packets.

+

A boundary error in the "decrypt_out()" function can be exploited + to cause a stack-based buffer overflow with 8 bytes and crash the + application via a specially crafted QQ packet.

+
+ +
+ + 35067 + CVE-2009-1373 + CVE-2009-1374 + CVE-2009-1375 + CVE-2009-1376 + http://secunia.com/advisories/35194/ + http://www.pidgin.im/news/security/?id=29 + http://www.pidgin.im/news/security/?id=30 + http://www.pidgin.im/news/security/?id=32 + + + 2009-06-03 + 2009-06-16 + +
+ git -- denial of service vulnerability -- cgit v1.2.3
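Review bot: the references at the end of the added pidgin entry list four CVE ids (CVE-2009-1373 through CVE-2009-1376) for the four issues described, but only three pidgin.im advisory links (id=29, id=30, id=32). Please check whether the vendor link for the remaining issue was left out, and add it if so, so that each CVE can be traced to its upstream advisory. As a style point, the attribution line "secunia reports:" should be capitalised as "Secunia reports:".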