CVE-2012-2318 — Improper Input Validation in Pidgin

CWE-20 — Improper Input Validation8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.8%

top 25.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin

Timeline

PublishedJul 3

Latest updateMay 14

Description

msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/pidgin< pidgin 2.10.4-1 (bookworm)

▶Debianpidgin/pidgin< 2.10.4-1+3

▶NVDpidgin/pidgin2.10.3+47

Patches

Patch: hg.pidgin.im ↗Patch: pidgin.im ↗Patch: hg.pidgin.im ↗

🔴Vulnerability Details

GHSA

GHSA-5cxv-7whw-jpv5: msg↗2022-05-14

▶

OSV

CVE-2012-2318: msg↗2012-07-03

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerabilities↗2012-07-09

▶

Red Hat

pidgin: Improper validation of incoming plaintext messages in MSN protocol plug-in↗2012-05-06

▶

Debian

CVE-2012-2318: pidgin - msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not p...↗2012

▶

💬Community

Bugzilla

CVE-2012-2318 pidgin: Improper validation of incoming plaintext messages in MSN protocol plug-in↗2012-05-07

▶

Bugzilla

CVE-2012-2214 CVE-2012-2318 pidgin various flaws [fedora-all]↗2012-05-07

▶