CVE-2009-2694
Vulnerability from cvelistv5
Published
2009-08-20 22:00
Modified
2024-08-07 05:59
Severity ?
Summary
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
References
cve@mitre.orghttp://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0ePatch
cve@mitre.orghttp://developer.pidgin.im/wiki/ChangeLog
cve@mitre.orghttp://secunia.com/advisories/36384Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/36392Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/36401Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/36402
cve@mitre.orghttp://secunia.com/advisories/36708
cve@mitre.orghttp://secunia.com/advisories/37071
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1
cve@mitre.orghttp://www.coresecurity.com/content/libpurple-arbitrary-writeExploit
cve@mitre.orghttp://www.debian.org/security/2009/dsa-1870Patch
cve@mitre.orghttp://www.exploit-db.com/exploits/9615
cve@mitre.orghttp://www.pidgin.im/news/security/?id=34Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/2303Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/2663
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=514957
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320
cve@mitre.orghttps://rhn.redhat.com/errata/RHSA-2009-1218.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0ePatch
af854a3a-2127-422b-91ae-364da2661108http://developer.pidgin.im/wiki/ChangeLog
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36384Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36392Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36401Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36402
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36708
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37071
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1
af854a3a-2127-422b-91ae-364da2661108http://www.coresecurity.com/content/libpurple-arbitrary-writeExploit
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1870Patch
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/9615
af854a3a-2127-422b-91ae-364da2661108http://www.pidgin.im/news/security/?id=34Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2303Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2663
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=514957
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-1218.htmlVendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:56.847Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"
          },
          {
            "name": "ADV-2009-2303",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2303"
          },
          {
            "name": "36392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36392"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.pidgin.im/news/security/?id=34"
          },
          {
            "name": "oval:org.mitre.oval:def:6320",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write"
          },
          {
            "name": "36402",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36402"
          },
          {
            "name": "266908",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e"
          },
          {
            "name": "36384",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36384"
          },
          {
            "name": "DSA-1870",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1870"
          },
          {
            "name": "37071",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37071"
          },
          {
            "name": "36708",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36708"
          },
          {
            "name": "ADV-2009-2663",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2663"
          },
          {
            "name": "oval:org.mitre.oval:def:10319",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"
          },
          {
            "name": "36401",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36401"
          },
          {
            "name": "9615",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/9615"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://developer.pidgin.im/wiki/ChangeLog"
          },
          {
            "name": "RHSA-2009:1218",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"
        },
        {
          "name": "ADV-2009-2303",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2303"
        },
        {
          "name": "36392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36392"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.pidgin.im/news/security/?id=34"
        },
        {
          "name": "oval:org.mitre.oval:def:6320",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write"
        },
        {
          "name": "36402",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36402"
        },
        {
          "name": "266908",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e"
        },
        {
          "name": "36384",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36384"
        },
        {
          "name": "DSA-1870",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1870"
        },
        {
          "name": "37071",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37071"
        },
        {
          "name": "36708",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36708"
        },
        {
          "name": "ADV-2009-2663",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2663"
        },
        {
          "name": "oval:org.mitre.oval:def:10319",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"
        },
        {
          "name": "36401",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36401"
        },
        {
          "name": "9615",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/9615"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://developer.pidgin.im/wiki/ChangeLog"
        },
        {
          "name": "RHSA-2009:1218",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2694",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=514957",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"
            },
            {
              "name": "ADV-2009-2303",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2303"
            },
            {
              "name": "36392",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36392"
            },
            {
              "name": "http://www.pidgin.im/news/security/?id=34",
              "refsource": "CONFIRM",
              "url": "http://www.pidgin.im/news/security/?id=34"
            },
            {
              "name": "oval:org.mitre.oval:def:6320",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320"
            },
            {
              "name": "http://www.coresecurity.com/content/libpurple-arbitrary-write",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write"
            },
            {
              "name": "36402",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36402"
            },
            {
              "name": "266908",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"
            },
            {
              "name": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e",
              "refsource": "CONFIRM",
              "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e"
            },
            {
              "name": "36384",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36384"
            },
            {
              "name": "DSA-1870",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1870"
            },
            {
              "name": "37071",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37071"
            },
            {
              "name": "36708",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36708"
            },
            {
              "name": "ADV-2009-2663",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2663"
            },
            {
              "name": "oval:org.mitre.oval:def:10319",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"
            },
            {
              "name": "36401",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36401"
            },
            {
              "name": "9615",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/9615"
            },
            {
              "name": "http://developer.pidgin.im/wiki/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://developer.pidgin.im/wiki/ChangeLog"
            },
            {
              "name": "RHSA-2009:1218",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2694",
    "datePublished": "2009-08-20T22:00:00",
    "dateReserved": "2009-08-05T00:00:00",
    "dateUpdated": "2024-08-07T05:59:56.847Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2694\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-08-21T11:02:41.890\",\"lastModified\":\"2024-11-21T01:05:31.927\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n msn_slplink_process_msg en libpurple/protocols/msn/slplink.c en libpurple, tal como se usa en Pidgin (anteriormente Gaim) en versiones anteriores a la 2.5.9 y Adium 1.3.5 y versiones anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) mediante el env\u00edo de m\u00faltiples mensajes SLP (alias MSNSLP) manipulados para disparar una sobreescritura de una zona de memoria de su elecci\u00f3n. NOTA: esta vulnerabilidad reportada est\u00e1 causada por una reparaci\u00f3n incompleta de CVE-2009-1376.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adium:adium:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.5\",\"matchCriteriaId\":\"01CB5803-0C03-4EC5-B865-8760B1231267\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adium:adium:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45233B3A-A3A1-45C0-A9F4-548B076742F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adium:adium:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6B5D964-9F9C-4EE0-AF9F-4FE64935D8AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adium:adium:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FAFC986-0E07-48D7-9B67-66B65CAA9AE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adium:adium:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFA83F88-808F-4D8B-A33D-16994C9074A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adium:adium:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3779F8B3-15A9-4FBC-9176-B9B3CAB39DE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adium:adium:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2A75801-F3AD-49E5-B981-6158E9B8F598\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.8\",\"matchCriteriaId\":\"7396CE73-35C6-4F72-8F1F-16D8B7E0C029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBC2EBF3-73A7-4542-8E9C-47A4241A224C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF62072D-4956-4FE6-931E-E6EE9C49F3E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6499D8D5-0801-498C-BD4D-508506918CEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73CC76CD-FF35-4B3A-9F1E-4E5A65963057\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F694A1FC-2F10-48F9-8E8D-C88A8E7397AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59E216BC-29E4-4C31-9CF0-DE22C2E84968\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BD203F7-B983-4FDD-9837-D68D4F388A4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C8E3CBA-2B33-49EF-9105-8DDBB938F519\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72AA3282-CA7D-438C-A07C-A63392333630\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEEFF420-2868-422B-BD22-9A5749C2398F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B139D83D-7D18-42C7-988C-2070B66CB943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"047D9636-BCCE-4956-B5A3-D276F1C2EF2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A8A794E-E1CB-4F0F-9739-D625E94EA566\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E64EEEA0-89CE-46BD-B387-A96521E76A6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6E96AA3-B567-4E97-979A-D97A4F786D55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09C407C0-99A2-477B-87CF-6BE9F7B367E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBEF0457-39D8-465B-86A7-8DFA44A1F820\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E39468D5-1378-4441-B927-5C34C85B18AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C80012AD-8F49-4287-8AEC-C21AC5774CA9\"}]}]}],\"references\":[{\"url\":\"http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://developer.pidgin.im/wiki/ChangeLog\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/36384\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36392\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36401\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36402\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/36708\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/37071\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.coresecurity.com/content/libpurple-arbitrary-write\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1870\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.exploit-db.com/exploits/9615\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.pidgin.im/news/security/?id=34\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2303\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2663\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=514957\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-1218.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://developer.pidgin.im/wiki/ChangeLog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36384\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36392\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36401\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36402\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36708\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/37071\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.coresecurity.com/content/libpurple-arbitrary-write\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1870\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.exploit-db.com/exploits/9615\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.pidgin.im/news/security/?id=34\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2303\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2663\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=514957\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-1218.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.