CVE-2009-1373 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.1 UNKNOWN	NETWORK	HIGH		AV:N/AC:H/Au:S/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Affected Products (NVD)

Vendor	Product	Version
pidgin	pidgin	𝑥 ≤ 2.5.5
pidgin	pidgin	2.0.0
pidgin	pidgin	2.0.1
pidgin	pidgin	2.0.2
pidgin	pidgin	2.0.2
pidgin	pidgin	2.1.0
pidgin	pidgin	2.1.1
pidgin	pidgin	2.2.0
pidgin	pidgin	2.2.1
pidgin	pidgin	2.2.2
pidgin	pidgin	2.3.0
pidgin	pidgin	2.3.1
pidgin	pidgin	2.4.0
pidgin	pidgin	2.4.1
pidgin	pidgin	2.4.2
pidgin	pidgin	2.4.3
pidgin	pidgin	2.5.0
pidgin	pidgin	2.5.1
pidgin	pidgin	2.5.2
pidgin	pidgin	2.5.3
pidgin	pidgin	2.5.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

pidgin

bookworm	2.14.12-1 fixed
bullseye	2.14.1-1 fixed
lenny	not-affected
sid	2.14.13-2 fixed
trixie	2.14.13-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

gaim

dapper	Fixed 1:1.5.0+1.5.1cvs20051015-1ubuntu10.2 released
gutsy	dne
hardy	dne
intrepid	dne
jaunty	dne

pidgin

dapper	dne
feisty	dne
hardy	Fixed 1:2.4.1-1ubuntu2.4 released
intrepid	Fixed 1:2.5.2-0ubuntu1.2 released
jaunty	Fixed 1:2.5.5-1ubuntu8.1 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://debian.org/security/2009/dsa-1805

http://secunia.com/advisories/35188

http://secunia.com/advisories/35194

http://secunia.com/advisories/35202

http://secunia.com/advisories/35215

http://secunia.com/advisories/35294

http://secunia.com/advisories/35329

http://secunia.com/advisories/35330

http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2009:140

http://www.mandriva.com/security/advisories?name=MDVSA-2009:173

http://www.pidgin.im/news/security/?id=29

http://www.redhat.com/support/errata/RHSA-2009-1059.html

http://www.redhat.com/support/errata/RHSA-2009-1060.html

http://www.securityfocus.com/bid/35067

http://www.ubuntu.com/usn/USN-781-1

http://www.ubuntu.com/usn/USN-781-2

http://www.vupen.com/english/advisories/2009/1396

https://bugzilla.redhat.com/show_bug.cgi?id=500488

https://exchange.xforce.ibmcloud.com/vulnerabilities/50682

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html

http://debian.org/security/2009/dsa-1805

http://secunia.com/advisories/35188

http://secunia.com/advisories/35194

http://secunia.com/advisories/35202

http://secunia.com/advisories/35215

http://secunia.com/advisories/35294

http://secunia.com/advisories/35329

http://secunia.com/advisories/35330

http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2009:140

http://www.mandriva.com/security/advisories?name=MDVSA-2009:173

http://www.pidgin.im/news/security/?id=29

http://www.redhat.com/support/errata/RHSA-2009-1059.html

http://www.redhat.com/support/errata/RHSA-2009-1060.html

http://www.securityfocus.com/bid/35067

http://www.ubuntu.com/usn/USN-781-1

http://www.ubuntu.com/usn/USN-781-2

http://www.vupen.com/english/advisories/2009/1396

https://bugzilla.redhat.com/show_bug.cgi?id=500488

https://exchange.xforce.ibmcloud.com/vulnerabilities/50682

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html