CVE-2010-0277 — Out-of-bounds Write in Pidgin

9 documents8 sources

Severity

5.0MEDIUMNVD

OSV7.5

EPSS

8.8%

top 7.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin Adium

Timeline

PublishedJan 9

Latest updateMay 2

Description

slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/pidgin< pidgin 2.6.6-1 (bookworm)

▶Debianpidgin/pidgin< 2.6.6-1+3

▶NVDpidgin/pidgin2.6.5+28

▶NVDadium/adium1.3.8

🔴Vulnerability Details

GHSA

GHSA-rj5f-77wg-8qgv: slp↗2022-05-02

▶

OSV

CVE-2010-0277: slp↗2010-01-09

▶

💥Exploits & PoCs

Exploit-DB

3Com 3CDaemon 2.0 FTP Server - 'Username' Remote Overflow (Metasploit)↗2010-09-20

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerabilities↗2010-02-22

▶

Debian

CVE-2010-0277: pidgin - slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including ...↗2010

▶

Red Hat

pidgin MSN protocol plugin memory corruption↗2009-12-27

▶

💬Community

Bugzilla

CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 Multiple pidgin vulnerabilities [Fedora all]↗2010-02-18

▶

Bugzilla

CVE-2010-0277 pidgin MSN protocol plugin memory corruption↗2010-01-11

▶