FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pidgin -- multiple remote denial of service vulnerabilities

Affected packages
pidgin < 2.6.6
libpurple < 2.6.6

Details

VuXML ID a2c4d3d5-4c7b-11df-83fb-0015587e2cc1
Discovery 2010-02-18
Entry 2010-04-20

Three denial of service vulnerabilities were found in pidgin that allow remote attackers to crash the application. The developers summarized these problems as follows:

Pidgin can become unresponsive when displaying large numbers of smileys

Certain nicknames in group chat rooms can trigger a crash in Finch

Failure to validate all fields of an incoming message can trigger a crash

References

Bugtraq ID 38294
CVE Name CVE-2010-0277
CVE Name CVE-2010-0420
CVE Name CVE-2010-0423
URL http://pidgin.im/news/security/?id=43
URL http://pidgin.im/news/security/?id=44
URL http://pidgin.im/news/security/?id=45