New Search

Pidgin before 2.5.9 allow denial of service via SLP (aka MSNSLP) messages

oval:org.mitre.oval:def:6320

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 8
  • Microsoft Windows XP
  • Microsoft Windows Vista
  • Microsoft Windows 2000
  • Microsoft Windows Server 2003
  • Microsoft Windows 7
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
Class:
vulnerability
Reference(s):
  • CVE-2009-2694
Product(s):
  • Pidgin