Main Vulnerability Database Vulnerabilities #VU32792

Resource management error in Pidgin - CVE-2012-2214

Published: July 3, 2012 / Updated: July 28, 2020

Vulnerability identifier: #VU32792

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2012-2214

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: pidgin.im

Affected software:
Pidgin

Detailed vulnerability description

The vulnerability allows a remote #AU# to perform service disruption.

proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests.

How to mitigate CVE-2012-2214

Install update from vendor's website.

Sources

http://hg.pidgin.im/pidgin/main/rev/5f9d676cefdb
http://pidgin.im/news/security/?id=62
http://www.mandriva.com/security/advisories?name=MDVSA-2012:082
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17886

Resource management error in Pidgin - CVE-2012-2214

Detailed vulnerability description

How to mitigate CVE-2012-2214

Sources

Please verify you're human