CVE-2010-0420Improper Input Validation in Pidgin

CWE-20Improper Input Validation9 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
3.3%
top 12.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PidginDebian Pidgin
Timeline
PublishedFeb 24
Latest updateMay 2

Description

libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/pidgin< pidgin 2.6.6-1 (bookworm)
Debianpidgin/pidgin< 2.6.6-1+3
NVDpidgin/pidgin2.6.5+28

Patches

Patch: developer.pidgin.imPatch: www.vupen.comPatch: developer.pidgin.im

🔴Vulnerability Details

2
GHSA
GHSA-r3rc-v556-7p45: libpurple in Finch in Pidgin before 22022-05-02
OSV
CVE-2010-0420: libpurple in Finch in Pidgin before 22010-02-24

💥Exploits & PoCs

1
Exploit-DB
PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference2011-02-17

📋Vendor Advisories

3
Ubuntu
Pidgin vulnerabilities2010-02-22
Red Hat
pidgin: Finch XMPP MUC Crash2010-02-18
Debian
CVE-2010-0420: pidgin - libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) ro...2010

💬Community

2
Bugzilla
CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 Multiple pidgin vulnerabilities [Fedora all]2010-02-18
Bugzilla
CVE-2010-0420 pidgin: Finch XMPP MUC Crash2010-02-16