CVE-2010-0277

Severity

50%

Complexity

99%

Confidentiality

48%

slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.

slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 15 years ago

2010-01-09 18:30:00

Last updated 7 years ago

2017-09-19 01:30:00

Affected Software

Pidgin 2.0.0

2.0.0

Pidgin 2.0.1

2.0.1

Pidgin 2.0.2

2.0.2

Pidgin 2.1.0

2.1.0

Pidgin 2.1.1

2.1.1

Pidgin 2.2.0

2.2.0

Pidgin 2.2.1

2.2.1

Pidgin 2.2.2

2.2.2

Pidgin 2.3.0

2.3.0

Pidgin 2.3.1

2.3.1

Pidgin 2.4.0

2.4.0

Pidgin 2.4.1

2.4.1

Pidgin 2.4.2

2.4.2

Pidgin 2.4.3

2.4.3

Pidgin 2.5.0

2.5.0

Pidgin 2.5.1

2.5.1

Pidgin 2.5.2

2.5.2

Pidgin 2.5.3

2.5.3

Pidgin 2.5.4

2.5.4

Pidgin 2.5.5

2.5.5

Pidgin 2.5.6

2.5.6

Pidgin 2.5.6

2.5.7

Pidgin 2.5.8

2.5.8

Pidgin 2.5.9

2.5.9

Pidgin 2.6.0

2.6.0

Pidgin 2.6.1

2.6.1

Pidgin 2.6.2

2.6.2

Pidgin 2.6.4

2.6.4

Pidgin

References

http://blogs.sun.com/security/entry/cve_2010_0277_malformed_msn

http://developer.pidgin.im/wiki/ChangeLog

http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html

FEDORA-2010-1279

FEDORA-2010-1934

FEDORA-2010-1383

SUSE-SR:2010:006

http://pidgin.im/news/security/?id=43

38563

Vendor Advisory

38640

Vendor Advisory

38658

Vendor Advisory

38712

Vendor Advisory

38915

Vendor Advisory

41868

Vendor Advisory

MDVSA-2010:041

MDVSA-2010:085

[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload

38294

USN-902-1

ADV-2010-0413

Vendor Advisory

ADV-2010-1020

Vendor Advisory

ADV-2010-2693

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=554335

oval:org.mitre.oval:def:18348

oval:org.mitre.oval:def:9421

RHSA-2010:0115

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.