Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2009-2694

Опубликовано: 18 авг. 2009
Источник: redhat
CVSS2: 7.5
EPSS Средний

Описание

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.

Меры по смягчению последствий

Users can lower the impact of this flaw by making sure their privacy settings only allow Pidgin to accept messages from the users on their buddy list. This will prevent exploitation of this flaw by other random MSN users.

Ссылки на источники

Дополнительная информация

Статус:

Critical
Дефект:
CWE-228->CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=514957pidgin: insufficient input validation in msn_slplink_process_msg()

EPSS

Процентиль: 97%
0.34578
Средний

7.5 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2009-2694

ubuntu
около 16 лет назад

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.

nvd логотип

CVE-2009-2694

nvd
около 16 лет назад

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.

debian логотип

CVE-2009-2694

debian
около 16 лет назад

The msn_slplink_process_msg function in libpurple/protocols/msn/slplin ...

github логотип

GHSA-gg6v-c4q4-582f

github
больше 3 лет назад

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.

fstec логотип

BDU:2015-07368

fstec
около 16 лет назад

Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 97%
0.34578
Средний

7.5 High

CVSS2