CVE-2013-0273 — Pidgin vulnerability

9 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

2.1%

top 15.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin

Timeline

PublishedFeb 16

Latest updateMay 5

Description

sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/pidgin< pidgin 2.10.6-3 (bookworm)

▶Debianpidgin/pidgin< 2.10.6-3+3

▶NVDpidgin/pidgin2.10.6+50

🔴Vulnerability Details

GHSA

GHSA-xw8p-f2w6-jfrc: sametime↗2022-05-05

▶

OSV

CVE-2013-0273: sametime↗2013-02-16

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerabilities↗2013-02-25

▶

Red Hat

pidgin: Meanwhile protocol missing nul termination of long Lotus Sametime usernames↗2013-02-13

▶

Debian

CVE-2013-0273: pidgin - sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 ...↗2013

▶

💬Community

Bugzilla

CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 pidgin various flaws [fedora-all]↗2013-02-13

▶

Bugzilla

CVE-2013-0273 pidgin: Meanwhile protocol missing nul termination of long Lotus Sametime usernames↗2013-02-11

▶