CVE-2013-6487: Heap-based Buffer Overflow in Pidgin

Severity: 7.5 HIGH (NVD)
EPSS: 3.9% (top 11.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 6; latest update May 17

Description

Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (5 packages)

debian: debian/libgadu < libgadu 1:1.11.3-1 (bookworm)
Debian: libgadu/libgadu < 1:1.11.3-1 (+3)
debian: debian/pidgin < libgadu 1:1.11.3-1 (bookworm)
Debian: pidgin/pidgin < 2.10.8-1 (+3)
NVD: pidgin/pidgin 2.10.7 (+12)

🔴 Vulnerability Details (2)

GHSA: GHSA-hvf5-wpx9-vrrj: Integer overflow in libpurple/protocols/gg/lib/http (2022-05-17)
OSV: CVE-2013-6487: Integer overflow in libpurple/protocols/gg/lib/http (2014-02-06)

📋 Vendor Advisories (4)

Ubuntu: libgadu vulnerability (2014-02-10)
Ubuntu: Pidgin vulnerabilities (2014-02-06)
Red Hat: pidgin: Heap-based buffer overflow in Gadu-Gadu protocol plugin (2014-01-28)
Debian: CVE-2013-6487: libgadu - Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) pars... (2013)

🕵️Threat Intelligence

4

Talos: Four vulnerabilities in Pidgin (2014-01-28)
Talos: VRT-2013-1001 (CVE-2013-6487): Buffer overflow in Gadu-Gadu HTTP parsing (2014-01-28)
Talos: VRT-2013-1001 (CVE-2013-6487): Buffer overflow in Gadu-Gadu HTTP parsing (2014-01-28)
Talos: Four vulnerabilities in Pidgin (2014-01-28)

💬 Community (3)

Bugzilla: CVE-2013-6487 libgadu: pidgin: Heap-based buffer overflow in Gadu-Gadu protocol plugin [fedora-all] (2014-02-03)
Bugzilla: CVE-2013-6483 CVE-2013-6482 CVE-2013-6481 CVE-2013-6487 CVE-2013-6485 CVE-2013-6484 CVE-2013-6489 CVE-2014-0020 CVE-2013-6477 CVE-2012-6152 CVE-2013-6478 CVE-2013-6479 CVE-2013-6490 pidgin: various fl (2014-01-29)
Bugzilla: CVE-2013-6487 pidgin: Heap-based buffer overflow in Gadu-Gadu protocol plugin (2014-01-24)