CVE-2013-0274 — Pidgin vulnerability

9 documents7 sources

Severity

2.9LOWNVD

OSV2.1

EPSS

0.5%

top 35.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Linux Kernel Debian Pidgin

Timeline

PublishedFeb 16

Latest updateMay 5

Description

upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.

CVSS vector

AV:A/AC:M/C:N/I:N/A:PExploitability: 5.5 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/pidgin< pidgin 2.10.6-3 (bookworm)

▶Debianpidgin/pidgin< 2.10.6-3+3

▶NVDpidgin/pidgin2.10.6+50

▶Ubuntulinux/linux_kernel< 3.13.0-48.80

🔴Vulnerability Details

GHSA

GHSA-63v2-6jjq-v396: upnp↗2022-05-05

▶

OSV

linux vulnerabilities↗2015-03-24

▶

OSV

CVE-2013-0274: upnp↗2013-02-16

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerabilities↗2013-02-25

▶

Red Hat

pidgin: missing nul termination of long values in UPnP responses↗2013-02-13

▶

Debian

CVE-2013-0274: pidgin - upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long str...↗2013

▶

💬Community

Bugzilla

CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 pidgin various flaws [fedora-all]↗2013-02-13

▶

Bugzilla

CVE-2013-0274 pidgin: missing nul termination of long values in UPnP responses↗2013-02-11

▶