Pidgin DoS Vulnerabilities

Report ID: SA201006414
Source: F-Secure
Date of Discovery: 02.03.2010
Criticality: Undefined
Affects:
Pidgin 2.6.5 and prior versions

Compromise From: From remote
Compromise Type: DoS

Summary

Vulnerabilities in Pidgin versions before 2.6.6 could allow remote attackers to cause a denial of service by crashing the application.

Detailed Description

Denial of service vulnerabilities have been reported in Pidgin versions before 2.6.6. They affect several supported chat clients.

  • slp.c in the MSN protocol plugin could cause memory corruption and an application crash when parsing an incoming SLP message
  • When parsing a large number of smileys, gtkimhtml.c in Pidgin could consume excessive CPU and cause the application to hang
  • libpurple in Finch does not properly parse nicknames containing <br> sequences when an XMPP multi-user chat room is used, allowing remote attackers to cause a denial of service via a crafted nickname

Solution

Update to Pidgin 2.6.6 or a later version.

Original Reference

ChangeLog: Pidgin and Finch version 2.6.6 (http://developer.pidgin.im/wiki/ChangeLog)

CVE Reference

CVE-2010-0277
CVE-2010-0420
CVE-2010-0423