CVE-2010-1624 — Improper Input Validation in Pidgin

CWE-20 — Improper Input Validation CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

3.1%

top 13.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin Canonical Ubuntu Linux

Timeline

PublishedMay 14

Latest updateMay 17

Description

The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDpidgin/pidgin< 2.7.0

▶debiandebian/pidgin< pidgin 2.7.0-1 (bookworm)

▶Debianpidgin/pidgin< 2.7.0-1+3

Also affects: Ubuntu Linux 10.04, 10.10, 8.04, 9.10

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-254x-7xj8-2w85: The msn_emoticon_msg function in slp↗2022-05-17

▶

OSV

CVE-2010-1624: The msn_emoticon_msg function in slp↗2010-05-14

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerabilities↗2010-11-04

▶

Red Hat

Pidgin: MSN SLP emoticon DoS (NULL pointer dereference)↗2010-05-12

▶

Debian

CVE-2010-1624: pidgin - The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple i...↗2010

▶

💬Community

Bugzilla

CVE-2010-1624 Pidgin: MSN SLP emoticon DoS (NULL pointer dereference) [Fedora all]↗2010-05-13

▶

Bugzilla

CVE-2010-1624 Pidgin: MSN SLP emoticon DoS (NULL pointer dereference)↗2010-05-07

▶