KLA10433
Multiple vulnerabilities in Pidgin
Updated: 06/17/2019
Detect date: 06/02/2014
Severity: Critical
Description

Multiple serious vulnerabilities have been found in Pidgin. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary programs, or cause other unknown impact. Below is a complete list of the vulnerabilities:

  1. Improper traffic restrictions can be exploited remotely via a specially designed message;
  2. An unknown vulnerability can be exploited remotely via specially designed SOAP or OIM XML responses, Content-Length header, Yahoo! P2P message or specially designed files in messages;
  3. An integer overflow can be exploited remotely via a specially designed Content-Length header, emoticon or timestamp;
  4. Improper protocol implementation can be exploited remotely via a specially designed STUN server;
  5. A buffer overflow can be exploited remotely via a specially designed chunk-size field;
  6. Improper library interaction can be exploited remotely via a specially designed URL.

Affected products

Pidgin versions earlier than 2.10.8

Solution

Update to the latest version of Pidgin.

Impacts

ACE, DoS, SB

CVE-IDS

CVE-2013-6489   5.0   Critical
CVE-2013-6481   5.0   Critical
CVE-2013-6485   5.0   Critical
CVE-2013-6477   5.0   Critical
CVE-2014-0020   5.0   Critical
CVE-2013-6487   7.5   Critical
CVE-2013-6486   9.3   Critical
CVE-2013-6484   5.0   Critical
CVE-2013-6490   10.0  Critical
CVE-2013-6478   4.3   Warning
CVE-2013-6479   5.0   Critical
CVE-2013-6482   5.0   Critical
CVE-2013-6483   6.4   High