Pidgin MSN And XMPP Denial Of Service Vulnerabilities (Windows) Network Vulnerability

Summary

This host has installed with Pidgin and is prone to denial of service vulnerabilities.

Impact

Successful exploitation will allow attacker to crash the affected application. Impact Level: Application

Solution

Upgrade to Pidgin version 2.10.4 or later, For updates refer to http://pidgin.im/download

Insight

- An error in 'msn_message_parse_payload()' function handling messages with certain characters or character encodings can be exploited to cause a crash. - An error in SOCKS5 proxy handling code can be exploited to dereference an invalid pointer and cause a crash by sending multiple specially crafted file transfer requests.

Affected

Pidgin version prior 2.10.4 on Windows

References

http://hg.pidgin.im/pidgin/main/rev/4d6bcb4f4ea4
http://pidgin.im/news/security/?id=63
http://secunia.com/advisories/49036/
http://www.pidgin.im/news/security/?id=62

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2214, CVE-2012-2318
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
Freefloat FTP Server 'ALLO' Command Remote Buffer Overflow Vulnerability
Apple Safari Malformed URI Remote DoS Vulnerability (Win)
Firefly MediaServer HTTP Header Multiple DoS Vulnerabilities
FreeRADIUS Tunnel-Password Denial Of Service Vulnerability

Pidgin MSN and XMPP Denial of Service Vulnerabilities (Windows)

Take action and discover your vulnerabilities