what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2013-6483

Status Candidate

Overview

The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.

Related Files

Gentoo Linux Security Advisory 201405-22
Posted May 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-22 - Multiple vulnerabilities in Pidgin may allow execution of arbitrary code. Versions less than 2.10.9 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6152, CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274, CVE-2013-6477, CVE-2013-6478, CVE-2013-6479, CVE-2013-6481, CVE-2013-6482, CVE-2013-6483, CVE-2013-6484, CVE-2013-6485, CVE-2013-6487, CVE-2013-6489, CVE-2013-6490, CVE-2014-0020
SHA-256 | d6ade25d1829f578c0c4b87491c29680a25c44d0e8a781b9891d64b725a269ed
Mandriva Linux Security Advisory 2014-025
Posted Feb 11, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-025 - The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service via crafted byte sequences. Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service via a crafted timestamp value in an XMPP message. gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service via a long URL that is examined with a tooltip. util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service via a crafted response. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, protocol
systems | linux, mandriva
advisories | CVE-2012-6152, CVE-2013-6477, CVE-2013-6478, CVE-2013-6479, CVE-2013-6481, CVE-2013-6482, CVE-2013-6483, CVE-2013-6484, CVE-2013-6485, CVE-2013-6486, CVE-2013-6487, CVE-2013-6489, CVE-2013-6490, CVE-2014-0020
SHA-256 | 422e9249c13c3d4027bc7cdbcd30bc0b846985f1027544b241a99c5a280f78af
Debian Security Advisory 2859-1
Posted Feb 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2859-1 - Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2013-6477, CVE-2013-6478, CVE-2013-6479, CVE-2013-6481, CVE-2013-6482, CVE-2013-6483, CVE-2013-6484, CVE-2013-6485, CVE-2013-6487, CVE-2013-6489, CVE-2013-6490, CVE-2014-0020
SHA-256 | 9971f9da94a4936515401222fcd0875e78d7f966b207bff95b9b9cc49e110436
Ubuntu Security Notice USN-2100-1
Posted Feb 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2100-1 - Thijs Alkemade and Robert Vehse discovered that Pidgin incorrectly handled the Yahoo! protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. Jaime Breva Ribes discovered that Pidgin incorrectly handled the XMPP protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. It was discovered that Pidgin incorrectly handled long URLs. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2012-6152, CVE-2013-6477, CVE-2013-6478, CVE-2013-6479, CVE-2013-6481, CVE-2013-6482, CVE-2013-6483, CVE-2013-6484, CVE-2013-6485, CVE-2013-6487, CVE-2013-6489, CVE-2013-6490, CVE-2014-0020, CVE-2012-6152, CVE-2013-6477, CVE-2013-6478, CVE-2013-6479, CVE-2013-6481, CVE-2013-6482, CVE-2013-6483, CVE-2013-6484, CVE-2013-6485, CVE-2013-6487, CVE-2013-6489, CVE-2013-6490, CVE-2014-0020
SHA-256 | f991b00ea6f051465706e877f78268dc8f39e4e590323da6770e95706a13d801
Red Hat Security Advisory 2014-0139-01
Posted Feb 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0139-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. Multiple heap-based buffer overflow flaws were found in several protocol plug-ins in Pidgin. A malicious server could send a specially crafted message, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin.

tags | advisory, web, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2012-6152, CVE-2013-6477, CVE-2013-6478, CVE-2013-6479, CVE-2013-6481, CVE-2013-6482, CVE-2013-6483, CVE-2013-6484, CVE-2013-6485, CVE-2013-6487, CVE-2013-6489, CVE-2013-6490, CVE-2014-0020
SHA-256 | 02c189bcb1976a4f4f88111e98a6e444bb4d4b7b3022798749683cfa0197b660
Slackware Security Advisory - pidgin Updates
Posted Feb 4, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-6152, CVE-2013-6477, CVE-2013-6478, CVE-2013-6479, CVE-2013-6481, CVE-2013-6482, CVE-2013-6483, CVE-2013-6484, CVE-2013-6485, CVE-2013-6486, CVE-2013-6487, CVE-2013-6489, CVE-2013-6490, CVE-2014-0020
SHA-256 | 04258e7f7d5fc005eb001766cbc87d485935f54d351163c095aa154938c3f254
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close