Pidgin OSCAR Protocol Denial Of Service Vulnerability (Linux) Network Vulnerability

Summary

This host has installed Pidgin and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will allow attacker to cause a application crash. Impact Level: Application

Solution

Upgrade to Pidgin version 2.5.8, http://pidgin.im/download

Insight

Error in OSCAR protocol implementation leads to the application misinterpreting the ICQWebMessage message type as ICQSMS message type via a crafted ICQ web message that triggers allocation of a large amount of memory.

Affected

Pidgin version prior to 2.5.8 on Linux

References

http://developer.pidgin.im/ticket/9483
http://pidgin.im/pipermail/devel/2009-May/008227.html
http://secunia.com/advisories/35652

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1889
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Mac OS X)
Adobe Flash Media Server XML Data Remote Denial of Service Vulnerability
CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
chm2pdf Insecure Temporary File Creation or DoS Vulnerability
Denial Of Service Vulnerability in OpenSSL June-09 (Linux)

Take action and discover your vulnerabilities