CVE-2012-2214 — Pidgin vulnerability

CWE-3998 documents7 sources

Severity

3.5LOWNVD

EPSS

0.5%

top 32.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin

Timeline

PublishedJul 3

Latest updateMay 14

Description

proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/pidgin< pidgin 2.10.4-1 (bookworm)

▶Debianpidgin/pidgin< 2.10.4-1+3

▶NVDpidgin/pidgin2.10.3+47

Patches

Patch: hg.pidgin.im ↗Patch: pidgin.im ↗Patch: hg.pidgin.im ↗

🔴Vulnerability Details

GHSA

GHSA-8xpc-q358-5r82: proxy↗2022-05-14

▶

OSV

CVE-2012-2214: proxy↗2012-07-03

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerabilities↗2012-07-09

▶

Red Hat

pidgin: Invalid memory dereference in the XMPP protocol plug-in by processing serie of specially-crafted file transfer requests↗2012-05-06

▶

Debian

CVE-2012-2214: pidgin - proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled S...↗2012

▶

💬Community

Bugzilla

CVE-2012-2214 pidgin: Invalid memory dereference in the XMPP protocol plug-in by processing serie of specially-crafted file transfer requests↗2012-05-07

▶

Bugzilla

CVE-2012-2214 CVE-2012-2318 pidgin various flaws [fedora-all]↗2012-05-07

▶