CVE-2008-2927 — Integer Overflow or Wraparound in Pidgin
Severity
9.3CRITICALNVD
NVD6.8OSV6.8
EPSS
6.3%
top 8.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 7
Latest updateMay 2
Description
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.
CVSS vector
AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4
Affected Packages4 packages
🔴Vulnerability Details
4GHSA▶
GHSA-p33h-j5pj-5f6r: Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink↗2022-05-02
GHSA▶
GHSA-xgwj-qm2p-hcpc: Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink↗2022-05-01
OSV▶
CVE-2009-1376: Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink↗2009-05-26
OSV▶
CVE-2008-2927: Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink↗2008-07-07
📋Vendor Advisories
6💬Community
4Bugzilla
▶
Bugzilla
▶