CVE-2010-0420

libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:N/I:N/A:P
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
pidginpidgin
𝑥
≤ 2.6.5
pidginpidgin
2.0.0
pidginpidgin
2.0.1
pidginpidgin
2.0.2
pidginpidgin
2.1.0
pidginpidgin
2.1.1
pidginpidgin
2.2.0
pidginpidgin
2.2.1
pidginpidgin
2.2.2
pidginpidgin
2.3.0
pidginpidgin
2.3.1
pidginpidgin
2.4.0
pidginpidgin
2.4.1
pidginpidgin
2.4.2
pidginpidgin
2.4.3
pidginpidgin
2.5.0
pidginpidgin
2.5.1
pidginpidgin
2.5.2
pidginpidgin
2.5.3
pidginpidgin
2.5.4
pidginpidgin
2.5.5
pidginpidgin
2.5.6
pidginpidgin
2.5.7
pidginpidgin
2.5.8
pidginpidgin
2.5.9
pidginpidgin
2.6.0
pidginpidgin
2.6.1
pidginpidgin
2.6.2
pidginpidgin
2.6.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pidgin
bullseye
2.14.1-1
fixed
lenny
not-affected
bookworm
2.14.12-1
fixed
sid
2.14.13-1
fixed
trixie
2.14.13-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pidgin
karmic
Fixed 1:2.6.2-1ubuntu7.2
released
jaunty
Fixed 1:2.5.5-1ubuntu8.6
released
intrepid
Fixed 1:2.5.2-0ubuntu1.7
released
hardy
Fixed 1:2.4.1-1ubuntu2.9
released
dapper
dne