cbcvebase.
CVE-2009-1376
published 2009-05-26

CVE-2009-1376: Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2)…

PriorityP355critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
13.29%
95.9th percentile
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.

Affected

40 ranges· showing 25
VendorProductVersion rangeFixed in
adiumadium<= 1.3.5
adiumadium
adiumadium
adiumadium
adiumadium
adiumadium
adiumadium
debianpidgin< pidgin 2.5.9-1 (bookworm)pidgin 2.5.9-1 (bookworm)
debianpidgin< pidgin 2.5.6-1 (bookworm)pidgin 2.5.6-1 (bookworm)
pidginpidgin<= 2.5.8
pidginpidgin<= 2.5.5
pidginpidgin
pidginpidgin
pidginpidgin
pidginpidgin
pidginpidgin
pidginpidgin
pidginpidgin
pidginpidgin
pidginpidgin
pidginpidgin
pidginpidgin
pidginpidgin
pidginpidgin
pidginpidgin

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3MEDIUM
vendor_redhat9.3CRITICAL
vendor_ubuntu7.1HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.