Main Vulnerability Database Vulnerabilities #VU33911

Input validation error in Pidgin - CVE-2013-0273

Published: February 16, 2013 / Updated: August 4, 2020

Vulnerability identifier: #VU33911

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-0273

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Pidgin

Software vendor:
pidgin.im

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.

Remediation

Install update from vendor's website.

External links

http://hg.pidgin.im/pidgin/main/rev/c31cf8de31cd
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html
http://www.pidgin.im/news/security/?id=67
http://www.ubuntu.com/usn/USN-1746-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18340

Input validation error in Pidgin - CVE-2013-0273

Description

Remediation

External links

Please verify you're human