CVE-2010-2528

The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
pidginpidgin
𝑥
≤ 2.7.1
pidginpidgin
2.0.0
pidginpidgin
2.0.1
pidginpidgin
2.0.2
pidginpidgin
2.1.0
pidginpidgin
2.1.1
pidginpidgin
2.2.0
pidginpidgin
2.2.1
pidginpidgin
2.2.2
pidginpidgin
2.3.0
pidginpidgin
2.3.1
pidginpidgin
2.4.0
pidginpidgin
2.4.1
pidginpidgin
2.4.2
pidginpidgin
2.4.3
pidginpidgin
2.5.0
pidginpidgin
2.5.1
pidginpidgin
2.5.2
pidginpidgin
2.5.3
pidginpidgin
2.5.4
pidginpidgin
2.5.5
pidginpidgin
2.5.6
pidginpidgin
2.5.7
pidginpidgin
2.5.8
pidginpidgin
2.5.9
pidginpidgin
2.6.0
pidginpidgin
2.6.1
pidginpidgin
2.6.2
pidginpidgin
2.6.4
pidginpidgin
2.6.5
pidginpidgin
2.6.6
pidginpidgin
2.7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pidgin
bullseye
2.14.1-1
fixed
lenny
not-affected
bookworm
2.14.12-1
fixed
sid
2.14.13-2
fixed
trixie
2.14.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pidgin
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
ignored
hardy
not-affected
dapper
dne
Common Weakness Enumeration
References
http://developer.pidgin.im/viewmtn/revision/diff/fcb70f7c12120206d30ad33223ff85be7b226d1c/with/8e8ff246492e45af8f8d0808296d6f2906794dc0/libpurple/protocols/oscar/family_icbm.c
http://developer.pidgin.im/viewmtn/revision/info/8e8ff246492e45af8f8d0808296d6f2906794dc0
http://secunia.com/advisories/40699
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462873
http://www.osvdb.org/66506
http://www.pidgin.im/news/security/index.php?id=47
http://www.securityfocus.com/bid/41881
http://www.vupen.com/english/advisories/2010/1887
http://www.vupen.com/english/advisories/2010/2221
https://exchange.xforce.ibmcloud.com/vulnerabilities/60566
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18359
http://developer.pidgin.im/viewmtn/revision/diff/fcb70f7c12120206d30ad33223ff85be7b226d1c/with/8e8ff246492e45af8f8d0808296d6f2906794dc0/libpurple/protocols/oscar/family_icbm.c
http://developer.pidgin.im/viewmtn/revision/info/8e8ff246492e45af8f8d0808296d6f2906794dc0
http://secunia.com/advisories/40699
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462873
http://www.osvdb.org/66506
http://www.pidgin.im/news/security/index.php?id=47
http://www.securityfocus.com/bid/41881
http://www.vupen.com/english/advisories/2010/1887
http://www.vupen.com/english/advisories/2010/2221
https://exchange.xforce.ibmcloud.com/vulnerabilities/60566
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18359