CVE-2010-2528 — NULL Pointer Dereference in Pidgin

CWE-399 CWE-476 — NULL Pointer Dereference6 documents6 sources

Severity

4.0MEDIUMNVD

EPSS

2.1%

top 15.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin

Timeline

PublishedJul 30

Latest updateMay 17

Description

The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/pidgin< pidgin 2.7.2-1 (bookworm)

▶Debianpidgin/pidgin< 2.7.2-1+3

▶NVDpidgin/pidgin2.7.1+31

Patches

Patch: www.pidgin.im ↗Patch: www.pidgin.im ↗

🔴Vulnerability Details

GHSA

GHSA-6326-h87r-x9gf: The clientautoresp function in family_icbm↗2022-05-17

▶

OSV

CVE-2010-2528: The clientautoresp function in family_icbm↗2010-07-30

▶

📋Vendor Advisories

Red Hat

pidgin: ICQ X-Status denial of service (NULL deref)↗2010-07-21

▶

Debian

CVE-2010-2528: pidgin - The clientautoresp function in family_icbm.c in the oscar protocol plugin in lib...↗2010

▶

💬Community

Bugzilla

CVE-2010-2528 pidgin: ICQ X-Status denial of service (NULL deref)↗2010-07-22

▶