Pidgin 'X-Status' Message Denial Of Service Vulnerability (Win) Network Vulnerability

Summary

This host is installed with Pidgin and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow remote attackers to cause the application to crash, denying service to legitimate users. Impact Level: Application

Solution

Upgrade to Pidgin version 2.7.2 or later, For updates refer to http://pidgin.im/download/windows/

Insight

The flaw is caused by a NULL pointer dereference error when processing malformed 'X-Status' messages, which could be exploited by attackers to crash an affected application, creating a denial of service condition.

Affected

Pidgin versions prior to 2.7.2

References

http://secunia.com/advisories/40699
http://www.pidgin.im/news/security/index.php?id=47
http://www.vupen.com/english/advisories/2010/1887
http://xforce.iss.net/xforce/xfdb/60566

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2528
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P

Related Vulnerabilities

Apple Safari JavaScript 'Reload()' DoS Vulnerability - July09
Apple Safari Nested 'object' Tag Remote Denial Of Service vulnerability
CUPS 'scheduler/select.c' Denial Of Service Vulnerability
ClamAV Remote Denial of Service Vulnerability
ClamAV LZH File Unpacking Denial of Service Vulnerability (Win)

Pidgin 'X-Status' Message Denial of Service Vulnerability (Win)

Take action and discover your vulnerabilities