CVE-2009-1374 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 88%

Affected Products (NVD)

Vendor	Product	Version
pidgin	pidgin	𝑥 ≤ 2.5.5
pidgin	pidgin	2.0.0
pidgin	pidgin	2.0.1
pidgin	pidgin	2.0.2
pidgin	pidgin	2.0.2
pidgin	pidgin	2.1.0
pidgin	pidgin	2.1.1
pidgin	pidgin	2.2.0
pidgin	pidgin	2.2.1
pidgin	pidgin	2.2.2
pidgin	pidgin	2.3.0
pidgin	pidgin	2.3.1
pidgin	pidgin	2.4.0
pidgin	pidgin	2.4.1
pidgin	pidgin	2.4.2
pidgin	pidgin	2.4.3
pidgin	pidgin	2.5.0
pidgin	pidgin	2.5.1
pidgin	pidgin	2.5.2
pidgin	pidgin	2.5.3
pidgin	pidgin	2.5.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

pidgin

bookworm	2.14.12-1 fixed
bullseye	2.14.1-1 fixed
lenny	not-affected
sid	2.14.13-2 fixed
trixie	2.14.13-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

gaim

dapper	not-affected
gutsy	dne
hardy	dne
intrepid	dne
jaunty	dne

pidgin

dapper	dne
feisty	dne
hardy	Fixed 1:2.4.1-1ubuntu2.4 released
intrepid	Fixed 1:2.5.2-0ubuntu1.2 released
jaunty	Fixed 1:2.5.5-1ubuntu8.1 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://secunia.com/advisories/35188

http://secunia.com/advisories/35194

http://secunia.com/advisories/35202

http://secunia.com/advisories/35294

http://secunia.com/advisories/35329

http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2009:173

http://www.pidgin.im/news/security/?id=30

http://www.redhat.com/support/errata/RHSA-2009-1060.html

http://www.securityfocus.com/bid/35067

http://www.ubuntu.com/usn/USN-781-1

http://www.vupen.com/english/advisories/2009/1396

https://bugzilla.redhat.com/show_bug.cgi?id=500490

https://exchange.xforce.ibmcloud.com/vulnerabilities/50684

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11654

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18201

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html

http://secunia.com/advisories/35188

http://secunia.com/advisories/35194

http://secunia.com/advisories/35202

http://secunia.com/advisories/35294

http://secunia.com/advisories/35329

http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2009:173

http://www.pidgin.im/news/security/?id=30

http://www.redhat.com/support/errata/RHSA-2009-1060.html

http://www.securityfocus.com/bid/35067

http://www.ubuntu.com/usn/USN-781-1

http://www.vupen.com/english/advisories/2009/1396

https://bugzilla.redhat.com/show_bug.cgi?id=500490

https://exchange.xforce.ibmcloud.com/vulnerabilities/50684

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11654

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18201

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html