CVE-2012-2214

proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
pidginpidgin
𝑥
≤ 2.10.3
pidginpidgin
2.0.0
pidginpidgin
2.0.1
pidginpidgin
2.0.2
pidginpidgin
2.1.0
pidginpidgin
2.1.1
pidginpidgin
2.2.0
pidginpidgin
2.2.1
pidginpidgin
2.2.2
pidginpidgin
2.3.0
pidginpidgin
2.3.1
pidginpidgin
2.4.0
pidginpidgin
2.4.1
pidginpidgin
2.4.2
pidginpidgin
2.4.3
pidginpidgin
2.5.0
pidginpidgin
2.5.1
pidginpidgin
2.5.2
pidginpidgin
2.5.3
pidginpidgin
2.5.4
pidginpidgin
2.5.5
pidginpidgin
2.5.6
pidginpidgin
2.5.7
pidginpidgin
2.5.8
pidginpidgin
2.5.9
pidginpidgin
2.6.0
pidginpidgin
2.6.1
pidginpidgin
2.6.2
pidginpidgin
2.6.4
pidginpidgin
2.6.5
pidginpidgin
2.6.6
pidginpidgin
2.7.0
pidginpidgin
2.7.1
pidginpidgin
2.7.2
pidginpidgin
2.7.3
pidginpidgin
2.7.4
pidginpidgin
2.7.5
pidginpidgin
2.7.6
pidginpidgin
2.7.7
pidginpidgin
2.7.8
pidginpidgin
2.7.9
pidginpidgin
2.7.10
pidginpidgin
2.7.11
pidginpidgin
2.8.0
pidginpidgin
2.9.0
pidginpidgin
2.10.0
pidginpidgin
2.10.1
pidginpidgin
2.10.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pidgin
bookworm
2.14.12-1
fixed
bullseye
2.14.1-1
fixed
sid
2.14.13-2
fixed
trixie
2.14.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pidgin
hardy
ignored
lucid
not-affected
natty
not-affected
oneiric
Fixed 1:2.10.0-0ubuntu2.1
released
precise
Fixed 1:2.10.3-0ubuntu1.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
finch
suse enterprise desktop 12
2.10.9-5.15
fixed
suse enterprise desktop 12 SP1
2.10.9-8.1
fixed
suse enterprise desktop 12 SP2
2.11.0-12.5
fixed
suse enterprise desktop 12 SP3
2.12.0-1.33
fixed
suse enterprise desktop 12 SP4
2.12.0-3.3.1
fixed
suse enterprise sap 12
2.10.9-5.15
fixed
suse enterprise sap 12 SP1
2.10.9-8.1
fixed
suse enterprise sap 12 SP2
2.11.0-12.5
fixed
suse enterprise sap 12 SP3
2.12.0-1.33
fixed
suse enterprise sap 12 SP4
2.12.0-3.3.1
fixed
suse enterprise sap 12 SP5
2.12.0-3.3.1
fixed
suse enterprise server 12
2.10.9-5.15
fixed
suse enterprise server 12 SP1
2.10.9-8.1
fixed
suse enterprise server 12 SP2
2.11.0-12.5
fixed
suse enterprise server 12 SP3
2.12.0-1.33
fixed
suse enterprise server 12 SP4
2.12.0-3.3.1
fixed
suse enterprise server 12 SP5
2.12.0-3.3.1
fixed
suse enterprise workstation 12
2.10.9-5.15
fixed
suse enterprise workstation 12 SP1
2.10.9-8.1
fixed
suse enterprise workstation 12 SP2
2.11.0-12.5
fixed
suse enterprise workstation 12 SP3
2.12.0-1.33
fixed
suse enterprise workstation 12 SP4
2.12.0-3.3.1
fixed
suse enterprise workstation 12 SP5
2.12.0-3.3.1
fixed
libpurple
suse enterprise desktop 12
2.10.9-5.15
fixed
suse enterprise desktop 12 SP1
2.10.9-8.1
fixed
suse enterprise desktop 12 SP2
2.11.0-12.5
fixed
suse enterprise desktop 12 SP3
2.12.0-1.33
fixed
suse enterprise desktop 12 SP4
2.12.0-3.3.1
fixed
suse enterprise sap 12
2.10.9-5.15
fixed
suse enterprise sap 12 SP1
2.10.9-8.1
fixed
suse enterprise sap 12 SP2
2.11.0-12.5
fixed
suse enterprise sap 12 SP3
2.12.0-1.33
fixed
suse enterprise sap 12 SP4
2.12.0-3.3.1
fixed
suse enterprise sap 12 SP5
2.12.0-3.3.1
fixed
suse enterprise server 12
2.10.9-5.15
fixed
suse enterprise server 12 SP1
2.10.9-8.1
fixed
suse enterprise server 12 SP2
2.11.0-12.5
fixed
suse enterprise server 12 SP3
2.12.0-1.33
fixed
suse enterprise server 12 SP4
2.12.0-3.3.1
fixed
suse enterprise server 12 SP5
2.12.0-3.3.1
fixed
suse enterprise workstation 12
2.10.9-5.15
fixed
suse enterprise workstation 12 SP1
2.10.9-8.1
fixed
suse enterprise workstation 12 SP2
2.11.0-12.5
fixed
suse enterprise workstation 12 SP3
2.12.0-1.33
fixed
suse enterprise workstation 12 SP4
2.12.0-3.3.1
fixed
suse enterprise workstation 12 SP5
2.12.0-3.3.1
fixed
libpurple-branding-upstream
suse enterprise desktop 12 SP3
2.12.0-1.33
fixed
suse enterprise desktop 12 SP4
2.12.0-3.3.1
fixed
suse enterprise sap 12 SP3
2.12.0-1.33
fixed
suse enterprise sap 12 SP4
2.12.0-3.3.1
fixed
suse enterprise sap 12 SP5
2.12.0-3.3.1
fixed
suse enterprise server 12 SP3
2.12.0-1.33
fixed
suse enterprise server 12 SP4
2.12.0-3.3.1
fixed
suse enterprise server 12 SP5
2.12.0-3.3.1
fixed
suse enterprise workstation 12 SP3
2.12.0-1.33
fixed
suse enterprise workstation 12 SP4
2.12.0-3.3.1
fixed
suse enterprise workstation 12 SP5
2.12.0-3.3.1
fixed
libpurple-lang
suse enterprise desktop 12
2.10.9-5.15
fixed
suse enterprise desktop 12 SP1
2.10.9-8.1
fixed
suse enterprise desktop 12 SP2
2.11.0-12.5
fixed
suse enterprise desktop 12 SP3
2.12.0-1.33
fixed
suse enterprise desktop 12 SP4
2.12.0-3.3.1
fixed
suse enterprise sap 12
2.10.9-5.15
fixed
suse enterprise sap 12 SP1
2.10.9-8.1
fixed
suse enterprise sap 12 SP2
2.11.0-12.5
fixed
suse enterprise sap 12 SP3
2.12.0-1.33
fixed
suse enterprise sap 12 SP4
2.12.0-3.3.1
fixed
suse enterprise sap 12 SP5
2.12.0-3.3.1
fixed
suse enterprise server 12
2.10.9-5.15
fixed
suse enterprise server 12 SP1
2.10.9-8.1
fixed
suse enterprise server 12 SP2
2.11.0-12.5
fixed
suse enterprise server 12 SP3
2.12.0-1.33
fixed
suse enterprise server 12 SP4
2.12.0-3.3.1
fixed
suse enterprise server 12 SP5
2.12.0-3.3.1
fixed
suse enterprise workstation 12
2.10.9-5.15
fixed
suse enterprise workstation 12 SP1
2.10.9-8.1
fixed
suse enterprise workstation 12 SP2
2.11.0-12.5
fixed
suse enterprise workstation 12 SP3
2.12.0-1.33
fixed
suse enterprise workstation 12 SP4
2.12.0-3.3.1
fixed
suse enterprise workstation 12 SP5
2.12.0-3.3.1
fixed
libpurple-meanwhile
suse enterprise desktop 12
2.10.9-5.15
fixed
suse enterprise desktop 12 SP1
2.10.9-8.1
fixed
suse enterprise desktop 12 SP2
2.11.0-12.5
fixed
suse enterprise sap 12
2.10.9-5.15
fixed
suse enterprise sap 12 SP1
2.10.9-8.1
fixed
suse enterprise sap 12 SP2
2.11.0-12.5
fixed
suse enterprise server 12
2.10.9-5.15
fixed
suse enterprise server 12 SP1
2.10.9-8.1
fixed
suse enterprise server 12 SP2
2.11.0-12.5
fixed
suse enterprise workstation 12
2.10.9-5.15
fixed
suse enterprise workstation 12 SP1
2.10.9-8.1
fixed
suse enterprise workstation 12 SP2
2.11.0-12.5
fixed
libpurple-plugin-sametime
suse enterprise desktop 12 SP3
2.12.0-1.33
fixed
suse enterprise desktop 12 SP4
2.12.0-3.3.1
fixed
suse enterprise sap 12 SP3
2.12.0-1.33
fixed
suse enterprise sap 12 SP4
2.12.0-3.3.1
fixed
suse enterprise sap 12 SP5
2.12.0-3.3.1
fixed
suse enterprise server 12 SP3
2.12.0-1.33
fixed
suse enterprise server 12 SP4
2.12.0-3.3.1
fixed
suse enterprise server 12 SP5
2.12.0-3.3.1
fixed
suse enterprise workstation 12 SP3
2.12.0-1.33
fixed
suse enterprise workstation 12 SP4
2.12.0-3.3.1
fixed
suse enterprise workstation 12 SP5
2.12.0-3.3.1
fixed
libpurple-tcl
suse enterprise desktop 12
2.10.9-5.15
fixed
suse enterprise desktop 12 SP1
2.10.9-8.1
fixed
suse enterprise desktop 12 SP2
2.11.0-12.5
fixed
suse enterprise desktop 12 SP3
2.12.0-1.33
fixed
suse enterprise desktop 12 SP4
2.12.0-3.3.1
fixed
suse enterprise sap 12
2.10.9-5.15
fixed
suse enterprise sap 12 SP1
2.10.9-8.1
fixed
suse enterprise sap 12 SP2
2.11.0-12.5
fixed
suse enterprise sap 12 SP3
2.12.0-1.33
fixed
suse enterprise sap 12 SP4
2.12.0-3.3.1
fixed
suse enterprise sap 12 SP5
2.12.0-3.3.1
fixed
suse enterprise server 12
2.10.9-5.15
fixed
suse enterprise server 12 SP1
2.10.9-8.1
fixed
suse enterprise server 12 SP2
2.11.0-12.5
fixed
suse enterprise server 12 SP3
2.12.0-1.33
fixed
suse enterprise server 12 SP4
2.12.0-3.3.1
fixed
suse enterprise server 12 SP5
2.12.0-3.3.1
fixed
suse enterprise workstation 12
2.10.9-5.15
fixed
suse enterprise workstation 12 SP1
2.10.9-8.1
fixed
suse enterprise workstation 12 SP2
2.11.0-12.5
fixed
suse enterprise workstation 12 SP3
2.12.0-1.33
fixed
suse enterprise workstation 12 SP4
2.12.0-3.3.1
fixed
suse enterprise workstation 12 SP5
2.12.0-3.3.1
fixed
pidgin
suse enterprise desktop 12
2.10.9-5.15
fixed
suse enterprise desktop 12 SP1
2.10.9-8.1
fixed
suse enterprise desktop 12 SP2
2.11.0-12.5
fixed
suse enterprise desktop 12 SP3
2.12.0-1.33
fixed
suse enterprise desktop 12 SP4
2.12.0-3.3.1
fixed
suse enterprise sap 12
2.10.9-5.15
fixed
suse enterprise sap 12 SP1
2.10.9-8.1
fixed
suse enterprise sap 12 SP2
2.11.0-12.5
fixed
suse enterprise sap 12 SP3
2.12.0-1.33
fixed
suse enterprise sap 12 SP4
2.12.0-3.3.1
fixed
suse enterprise sap 12 SP5
2.12.0-3.3.1
fixed
suse enterprise server 12
2.10.9-5.15
fixed
suse enterprise server 12 SP1
2.10.9-8.1
fixed
suse enterprise server 12 SP2
2.11.0-12.5
fixed
suse enterprise server 12 SP3
2.12.0-1.33
fixed
suse enterprise server 12 SP4
2.12.0-3.3.1
fixed
suse enterprise server 12 SP5
2.12.0-3.3.1
fixed
suse enterprise workstation 12
2.10.9-5.15
fixed
suse enterprise workstation 12 SP1
2.10.9-8.1
fixed
suse enterprise workstation 12 SP2
2.11.0-12.5
fixed
suse enterprise workstation 12 SP3
2.12.0-1.33
fixed
suse enterprise workstation 12 SP4
2.12.0-3.3.1
fixed
suse enterprise workstation 12 SP5
2.12.0-3.3.1
fixed
Common Weakness Enumeration
References
http://hg.pidgin.im/pidgin/main/rev/5f9d676cefdb
http://pidgin.im/news/security/?id=62
http://www.mandriva.com/security/advisories?name=MDVSA-2012:082
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17886
http://hg.pidgin.im/pidgin/main/rev/5f9d676cefdb
http://pidgin.im/news/security/?id=62
http://www.mandriva.com/security/advisories?name=MDVSA-2012:082
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17886