Input validation error in Pidgin - CVE-2013-0273
Published: February 16, 2013 / Updated: August 4, 2020
Vulnerability identifier: #VU33911
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-0273
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: pidgin.im
Affected software:
Pidgin
Pidgin
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.
How to mitigate CVE-2013-0273
Install update from vendor's website.
Sources
- http://hg.pidgin.im/pidgin/main/rev/c31cf8de31cd
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html
- http://www.pidgin.im/news/security/?id=67
- http://www.ubuntu.com/usn/USN-1746-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18340