CVE-2009-2694
Published 2009-08-21
Priority: P357 · Severity: critical · CVSS 2.0 score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 20.29% (97.2th percentile)
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adium | adium | <= 1.3.5 | — |
| debian | pidgin | < pidgin 2.5.9-1 (bookworm) | pidgin 2.5.9-1 (bookworm) |
| pidgin | pidgin | <= 2.5.8 | — |
CVSS provenance
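| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 9.3 | MEDIUM | — |
| vendor_redhat | — | 9.3 | CRITICAL | — |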
GHSA
GHSA-gg6v-c4q4-582f: The msn_slplink_process_msg function in libpurple/protocols/msn/slplink
ghsa_unreviewed·2022-05-02·CVSS 9.3
OSV
CVE-2009-2694: The msn_slplink_process_msg function in libpurple/protocols/msn/slplink
osv·2009-08-21·CVSS 9.3
Ubuntu
Pidgin vulnerability
vendor_ubuntu·2009-08-20
Federico Muttis discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.
Instructions: After a standard system upgrade you need to restart Pidgin to effect the necessary changes.
Red Hat
pidgin: insufficient input validation in msn_slplink_process_msg()
vendor_redhat·2009-08-18·CVSS 9.3
CVE-2009-2694 [CRITICAL] CWE-228 pidgin: insufficient input validation in msn_slplink_process_msg()
Mitigation: Users can lower the impact of this flaw by making sure their privacy settings only allow Pidgin to accept messages from the users on their buddy list. This will prevent exploitation of this flaw by other random MSN users.
Debian
CVE-2009-2694: pidgin - The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in lib...
vendor_debian·2009·CVSS 9.3
Scope: local
bookworm: resolved (fixed in 2.5.9-1)
bullseye: resolved (fixed in 2.5.9-1)
forky: resolved (fixed in 2.5.9-1)
sid: resolved (fixed in 2.5.9-1)
trixie: resolved (fixed in 2.5.9-1)
No detection rules found.
References
http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e
http://developer.pidgin.im/wiki/ChangeLog
http://secunia.com/advisories/36384
http://secunia.com/advisories/36392
http://secunia.com/advisories/36401
http://secunia.com/advisories/36402
http://secunia.com/advisories/36708
http://secunia.com/advisories/37071
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1
http://www.coresecurity.com/content/libpurple-arbitrary-write
http://www.debian.org/security/2009/dsa-1870
http://www.exploit-db.com/exploits/9615
http://www.pidgin.im/news/security/?id=34
http://www.vupen.com/english/advisories/2009/2303
http://www.vupen.com/english/advisories/2009/2663
https://bugzilla.redhat.com/show_bug.cgi?id=514957
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320
https://rhn.redhat.com/errata/RHSA-2009-1218.html