CVE-2010-1624

The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c	Broken Link
http://developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b	Broken Link
http://secunia.com/advisories/39801	Not Applicable Vendor Advisory
http://secunia.com/advisories/41899	Not Applicable
http://www.mandriva.com/security/advisories?name=MDVSA-2010:097	Broken Link
http://www.pidgin.im/news/security/index.php?id=46	Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0788.html	Third Party Advisory
http://www.securityfocus.com/bid/40138	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1014-1	Third Party Advisory
http://www.vupen.com/english/advisories/2010/1141	Permissions Required Vendor Advisory
http://www.vupen.com/english/advisories/2010/2755	Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=589973	Issue Tracking Patch Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/58559	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18547	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*

History

31 Mar 2023, 19:58

13 Feb 2023, 04:18

Type	Values Removed	Values Added
References	~~{'url': 'https://access.redhat.com/security/cve/CVE-2010-1624', 'name': 'https://access.redhat.com/security/cve/CVE-2010-1624', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2010:0788', 'name': 'https://access.redhat.com/errata/RHSA-2010:0788', 'tags': [], 'refsource': 'MISC'}~~
Summary	~~CVE-2010-1624 Pidgin: MSN SLP emoticon DoS (NULL pointer dereference)~~	The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.

02 Feb 2023, 17:17

Type	Values Removed	Values Added
Summary	The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.	CVE-2010-1624 Pidgin: MSN SLP emoticon DoS (NULL pointer dereference)
References		(MISC) https://access.redhat.com/security/cve/CVE-2010-1624 - (MISC) https://access.redhat.com/errata/RHSA-2010:0788 -

Information

Published : 2010-05-14 19:30

Updated : 2023-12-10 11:03

NVD link : CVE-2010-1624

Mitre link : CVE-2010-1624

CVE.ORG link : CVE-2010-1624

JSON object : View

Products Affected

canonical

ubuntu_linux

pidgin

pidgin

CWE

CWE-20

Improper Input Validation

Type	Values Removed	Values Added
References	~~(CONFIRM) http://developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c -~~	(CONFIRM) http://developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c - Broken Link
References	~~(CONFIRM) http://developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b -~~	(CONFIRM) http://developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b - Broken Link
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2010-0788.html -~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2010-0788.html - Third Party Advisory
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18547 -~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18547 - Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/41899 -~~	(SECUNIA) http://secunia.com/advisories/41899 - Not Applicable
References	~~(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/58559 -~~	(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/58559 - Third Party Advisory, VDB Entry
References	~~(VUPEN) http://www.vupen.com/english/advisories/2010/2755 -~~	(VUPEN) http://www.vupen.com/english/advisories/2010/2755 - Permissions Required
References	~~(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=589973 -~~	(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=589973 - Issue Tracking, Patch, Third Party Advisory
References	~~(UBUNTU) http://www.ubuntu.com/usn/USN-1014-1 -~~	(UBUNTU) http://www.ubuntu.com/usn/USN-1014-1 - Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/39801 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/39801 - Not Applicable, Vendor Advisory
References	~~(BID) http://www.securityfocus.com/bid/40138 -~~	(BID) http://www.securityfocus.com/bid/40138 - Broken Link, Third Party Advisory, VDB Entry
References	~~(VUPEN) http://www.vupen.com/english/advisories/2010/1141 - Vendor Advisory~~	(VUPEN) http://www.vupen.com/english/advisories/2010/1141 - Permissions Required, Vendor Advisory
References	~~(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2010:097 -~~	(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2010:097 - Broken Link
References	~~(CONFIRM) http://www.pidgin.im/news/security/index.php?id=46 -~~	(CONFIRM) http://www.pidgin.im/news/security/index.php?id=46 - Broken Link
First Time		Canonical Canonical ubuntu Linux
CPE	cpe:2.3:a:pidgin:pidgin:2.5.2:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.4.3:::::::* cpe:2.3:a:pidgin:pidgin:2.2.1:::::::* cpe:2.3:a:pidgin:pidgin:2.6.0:::::::* cpe:2.3:a:pidgin:pidgin:2.0.2:::::::* cpe:2.3:a:pidgin:pidgin:2.4.3:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.6.4:::::::* cpe:2.3:a:pidgin:pidgin:2.0.1:::::::* cpe:2.3:a:pidgin:pidgin:2.4.2:::::::* cpe:2.3:a:pidgin:pidgin:2.4.2:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.1.0:::::::* cpe:2.3:a:pidgin:pidgin:2.0.0:::::::* cpe:2.3:a:pidgin:pidgin:2.6.2:::::::* cpe:2.3:a:pidgin:pidgin:2.5.8:::::::* cpe:2.3:a:pidgin:pidgin:2.3.1:::::::* cpe:2.3:a:pidgin:pidgin:2.5.9:::::::* cpe:2.3:a:pidgin:pidgin:2.2.2:::::::* cpe:2.3:a:pidgin:pidgin:2.5.0:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.5.3:::::::* cpe:2.3:a:pidgin:pidgin:2.5.5:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.5.2:::::::* cpe:2.3:a:pidgin:pidgin:2.6.5:::::::* cpe:2.3:a:pidgin:pidgin:2.5.4:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.6.1:::::::* cpe:2.3:a:pidgin:pidgin:2.5.7:::::::* cpe:2.3:a:pidgin:pidgin:2.4.0:::::::* cpe:2.3:a:pidgin:pidgin:2.4.1:::::::* cpe:2.3:a:pidgin:pidgin:2.1.1:::::::* cpe:2.3:a:pidgin:pidgin:2.5.1:::::::* cpe:2.3:a:pidgin:pidgin:2.5.4:::::::* cpe:2.3:a:pidgin:pidgin:2.0.2::linux::::: cpe:2.3:a:pidgin:pidgin:2.3.0:::::::* cpe:2.3:a:pidgin:pidgin:2.4.1:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.5.5:::::::* cpe:2.3:a:pidgin:pidgin:2.4.0:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.2.0:::::::* cpe:2.3:a:pidgin:pidgin:2.5.3:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.5.0:::::::* cpe:2.3:a:pidgin:pidgin:2.5.6:::::::*	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::

5.0 /10