CVE-2013-0272 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Pidgin

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow8 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

1.9%

top 16.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin

Timeline

PublishedFeb 16

Latest updateMay 5

Description

Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/pidgin< pidgin 2.10.6-3 (bookworm)

▶Debianpidgin/pidgin< 2.10.6-3+3

▶NVDpidgin/pidgin2.10.6+50

🔴Vulnerability Details

GHSA

GHSA-xc58-69j7-pj34: Buffer overflow in http↗2022-05-05

▶

OSV

CVE-2013-0272: Buffer overflow in http↗2013-02-16

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerabilities↗2013-02-25

▶

Red Hat

pidgin: MXit protocol stack-based buffer overflow when processing HTTP headers↗2013-02-13

▶

Debian

CVE-2013-0272: pidgin - Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin bef...↗2013

▶

💬Community

Bugzilla

CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 pidgin various flaws [fedora-all]↗2013-02-13

▶

Bugzilla

CVE-2013-0272 pidgin: MXit protocol stack-based buffer overflow when processing HTTP headers↗2013-02-11

▶