CVE-2009-2694
21.08.2009, 11:02
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| adium | adium | 𝑥 ≤ 1.3.5 |
| adium | adium | 1.2.7 |
| adium | adium | 1.3 |
| adium | adium | 1.3.1 |
| adium | adium | 1.3.2 |
| adium | adium | 1.3.3 |
| adium | adium | 1.3.4 |
| pidgin | pidgin | 𝑥 ≤ 2.5.8 |
| pidgin | pidgin | 2.0.0 |
| pidgin | pidgin | 2.0.1 |
| pidgin | pidgin | 2.0.2 |
| pidgin | pidgin | 2.1.0 |
| pidgin | pidgin | 2.1.1 |
| pidgin | pidgin | 2.2.0 |
| pidgin | pidgin | 2.2.1 |
| pidgin | pidgin | 2.2.2 |
| pidgin | pidgin | 2.3.0 |
| pidgin | pidgin | 2.3.1 |
| pidgin | pidgin | 2.4.0 |
| pidgin | pidgin | 2.4.1 |
| pidgin | pidgin | 2.4.2 |
| pidgin | pidgin | 2.4.3 |
| pidgin | pidgin | 2.5.0 |
| pidgin | pidgin | 2.5.1 |
| pidgin | pidgin | 2.5.2 |
| pidgin | pidgin | 2.5.3 |
| pidgin | pidgin | 2.5.4 |
| pidgin | pidgin | 2.5.6 |
| pidgin | pidgin | 2.5.7 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| finch |
| ||||||||||||||||||||||||||||||||||||||||||||||
| libpurple |
| ||||||||||||||||||||||||||||||||||||||||||||||
| libpurple-branding-upstream |
| ||||||||||||||||||||||||||||||||||||||||||||||
| libpurple-lang |
| ||||||||||||||||||||||||||||||||||||||||||||||
| libpurple-meanwhile |
| ||||||||||||||||||||||||||||||||||||||||||||||
| libpurple-plugin-sametime |
| ||||||||||||||||||||||||||||||||||||||||||||||
| libpurple-tcl |
| ||||||||||||||||||||||||||||||||||||||||||||||
| pidgin |
|
Common Weakness Enumeration
References