CVE-2010-3711Improper Input Validation in Pidgin

CWE-20Improper Input Validation9 documents8 sources
Severity
4.0MEDIUMNVD
EPSS
1.4%
top 19.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PidginDebian Pidgin
Timeline
PublishedOct 28
Latest updateMay 17

Description

libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/pidgin< pidgin 2.7.4-1 (bookworm)
Debianpidgin/pidgin< 2.7.4-1+3
NVDpidgin/pidgin2.7.3+33

Patches

Patch: developer.pidgin.imPatch: pidgin.imPatch: www.vupen.com

🔴Vulnerability Details

2
GHSA
GHSA-hc55-4m8w-x8c2: libpurple in Pidgin before 22022-05-17
OSV
CVE-2010-3711: libpurple in Pidgin before 22010-10-28

💥Exploits & PoCs

1
Exploit-DB
httpdx - 'h_handlepeer()' Remote Buffer Overflow (Metasploit)2010-07-26

📋Vendor Advisories

3
Ubuntu
Pidgin vulnerabilities2010-11-04
Red Hat
(libpurple): Multiple DoS (crash) flaws by processing of unsanitized Base64 decoder values2010-10-20
Debian
CVE-2010-3711: pidgin - libpurple in Pidgin before 2.7.4 does not properly validate the return value of ...2010

💬Community

2
Bugzilla
CVE-2010-3711 Pidgin (libpurple): Multiple DoS (crash) flaws by processing of unsanitized Base64 decoder values [fedora-all]2010-10-21
Bugzilla
CVE-2010-3711 Pidgin (libpurple): Multiple DoS (crash) flaws by processing of unsanitized Base64 decoder values2010-10-11