CVE-2013-6490
published 2014-02-06CVE-2013-6490: The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which…
PriorityP352critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
14.81%
96.3th percentile
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.
Affected
58 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pidgin | < pidgin 2.10.8-1 (bookworm) | pidgin 2.10.8-1 (bookworm) |
| pidgin | pidgin | <= 2.10.7 | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
| pidgin | pidgin | — | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0CRITICAL
vendor_redhat10.0CRITICAL
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Pidgin vulnerabilities
vendor_ubuntu·2014-02-06·CVSS 5.0
CVE-2012-6152 [MEDIUM] Pidgin vulnerabilities
Title: Pidgin vulnerabilities
Summary: Several security issues were fixed in Pidgin.
Thijs Alkemade and Robert Vehse discovered that Pidgin incorrectly handled
the Yahoo! protocol. A remote attacker could use this issue to cause
Pidgin to crash, resulting in a denial of service. (CVE-2012-6152)
Jaime Breva Ribes discovered that Pidgin incorrectly handled the XMPP
protocol. A remote attacker could use this issue to cause Pidgin to crash,
resulting in a denial of service. (CVE-2013-6477)
It was discovered that Pidgin incorrecly handled long URLs. A remote
attacker could use this issue to cause Pidgin to crash, resulting in a
denial of service. (CVE-2013-6478)
Jacob Appelbaum discovered that Pidgin incorrectly handled certain HTTP
responses. A malicious remote server or a machine-in-the-
Red Hat
pidgin: Heap-based buffer overflow in SIMPLE protocol plugin
vendor_redhat·2014-01-28·CVSS 10.0
CVE-2013-6490 [CRITICAL] CWE-190 pidgin: Heap-based buffer overflow in SIMPLE protocol plugin
pidgin: Heap-based buffer overflow in SIMPLE protocol plugin
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.
Package: pidgin (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2013-6490: pidgin - The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attacker...
vendor_debian·2013·CVSS 10.0
CVE-2013-6490 [CRITICAL] CVE-2013-6490: pidgin - The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attacker...
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.
Scope: local
bookworm: resolved (fixed in 2.10.8-1)
bullseye: resolved (fixed in 2.10.8-1)
forky: resolved (fixed in 2.10.8-1)
sid: resolved (fixed in 2.10.8-1)
trixie: resolved (fixed in 2.10.8-1)
GHSA
GHSA-5m43-2xmh-9w8j: The SIMPLE protocol functionality in Pidgin before 2
ghsa_unreviewed·2022-05-17
CVE-2013-6490 [HIGH] CWE-119 GHSA-5m43-2xmh-9w8j: The SIMPLE protocol functionality in Pidgin before 2
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.
OSV
CVE-2013-6490: The SIMPLE protocol functionality in Pidgin before 2
osv·2014-02-06·CVSS 10.0
CVE-2013-6490 [CRITICAL] CVE-2013-6490: The SIMPLE protocol functionality in Pidgin before 2
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.
No detection rules found.
No public exploits indexed.
Talos
VRT-2013-1004 (CVE-2013-6490): Buffer overflow in SIMPLE header parsing
blogs_talos·2014-01-28·CVSS 10.0
CVE-2013-6490 [CRITICAL] VRT-2013-1004 (CVE-2013-6490): Buffer overflow in SIMPLE header parsing
### Sourcefire Vulnerability Report VRT-2013-1004 (CVE-2013-6490):Buffer overflow in SIMPLE header parsing
#### Description An exploitable remote code execution vulnerability exists in Pidgin's implementation of SIP/SIMPLE message handling. An attacker who can control the Content-Length of a SIP/SIMPLE message can cause an allocation to return NULL which can later be used to write into the lowest page of memory.
#### Tested Versions Pidgin 2.10.7
#### Coverage Prior coverage through a SIP preprocessor alert, GID 140 SID 16.
#### Details In sipmsg_parse_header() in file pidgin-2.10.7\libpurple\protocols\simple\sipmsg.c at line 114, the length of the message is read from an incoming message into an integer:164 tmp2 = sipmsg_find_header(msg, "Content-Length");115 if (tmp2 != NULL)116 msg-
Talos
Four vulnerabilities in Pidgin
blogs_talos·2014-01-28·CVSS 9.3
[CRITICAL] Four vulnerabilities in Pidgin
The VRT is announcing the discovery and patching of 4 CVE vulnerabilities in Pidgin. These vulnerabilities were discovered by the VRT VULNDEV team and reported to the Pidgin team. The VRT also created TRUFFLE rules that have been protecting Sourcefire customers for these vulnerabilities since October 1st 2013, while the Pidgin team was working on patching them. TRUFFLE rules provide a way for the VRT to release cutting edge coverage without exposing threats to the public through a plaintext rule. We are releasing these rules publicly as part of our update today, since the Pidgin team is releasing Pidgin 2.10.8 that addresses these issues. It is available for download here: http://www.pidgin.im/ Here is a summary of the vulnerabilities and the associated rules, with links to blog posts desc
Talos
Four vulnerabilities in Pidgin
blogs_talos·2014-01-28·CVSS 9.3
[CRITICAL] Four vulnerabilities in Pidgin
## Four vulnerabilities in Pidgin
The VRT is announcing the discovery and patching of 4 CVE vulnerabilities in Pidgin. These vulnerabilities were discovered by the VRT VULNDEV team and reported to the Pidgin team. The VRT also created TRUFFLE rules that have been protecting Sourcefire customers for these vulnerabilities since October 1st 2013, while the Pidgin team was working on patching them. TRUFFLE rules provide a way for the VRT to release cutting edge coverage without exposing threats to the public through a plaintext rule. We are releasing these rules publicly as part of our update today, since the Pidgin team is releasing Pidgin 2.10.8 that addresses these issues. It is available for download here: http://www.pidgin.im/ Here is a summary of the vulnerabilities and the associated r
Talos
VRT-2013-1004 (CVE-2013-6490): Buffer overflow in SIMPLE header parsing
blogs_talos·2014-01-28·CVSS 10.0
CVE-2013-6490 [CRITICAL] VRT-2013-1004 (CVE-2013-6490): Buffer overflow in SIMPLE header parsing
## VRT-2013-1004 (CVE-2013-6490): Buffer overflow in SIMPLE header parsing
## Sourcefire Vulnerability Report VRT-2013-1004 (CVE-2013-6490):Buffer overflow in SIMPLE header parsing
## Description An exploitable remote code execution vulnerability exists in Pidgin's implementation of SIP/SIMPLE message handling. An attacker who can control the Content-Length of a SIP/SIMPLE message can cause an allocation to return NULL which can later be used to write into the lowest page of memory.
## Tested Versions Pidgin 2.10.7
## Coverage Prior coverage through a SIP preprocessor alert, GID 140 SID 16.
Bugzilla
CVE-2013-6483 CVE-2013-6482 CVE-2013-6481 CVE-2013-6487 CVE-2013-6485 CVE-2013-6484 CVE-2013-6489 CVE-2014-0020 CVE-2013-6477 CVE-2012-6152 CVE-2013-6478 CVE-2013-6479 CVE-2013-6490 pidgin: various fl
bugzilla·2014-01-29·CVSS 5.0
CVE-2013-6483 [MEDIUM] CVE-2013-6483 CVE-2013-6482 CVE-2013-6481 CVE-2013-6487 CVE-2013-6485 CVE-2013-6484 CVE-2013-6489 CVE-2014-0020 CVE-2013-6477 CVE-2012-6152 CVE-2013-6478 CVE-2013-6479 CVE-2013-6490 pidgin: various fl
CVE-2013-6483 CVE-2013-6482 CVE-2013-6481 CVE-2013-6487 CVE-2013-6485 CVE-2013-6484 CVE-2013-6489 CVE-2014-0020 CVE-2013-6477 CVE-2012-6152 CVE-2013-6478 CVE-2013-6479 CVE-2013-6490 pidgin: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bug
Bugzilla
CVE-2013-6490 pidgin: Heap-based buffer overflow in SIMPLE protocol plugin
bugzilla·2014-01-24·CVSS 10.0
CVE-2013-6490 [CRITICAL] CVE-2013-6490 pidgin: Heap-based buffer overflow in SIMPLE protocol plugin
CVE-2013-6490 pidgin: Heap-based buffer overflow in SIMPLE protocol plugin
A Heap-based buffer overflow was found in SIMPLE protocol header parsing. A malicious server could provide a Content-Length header of '-1' which could lead to a buffer overlow. This could cause pidgin to crash or possibly execute arbitrary code with the permissions of the user running pidgin.
Acknowledgements:
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Yves Younan of Sourcefire VRT as the original reporter of this issue.
Discussion:
Created attachment 855935
Local copy of patch
---
External References:
http://pidgin.im/news/security/?id=84
---
Created pidgin tracking bugs for this issue:
Affects: fedora-all [bug 1059049]
---
This issue has been address
http://hg.pidgin.im/pidgin/main/rev/6bd2dd10e5dahttp://www.debian.org/security/2014/dsa-2859http://www.pidgin.im/news/security/?id=84http://www.securityfocus.com/bid/65195http://www.ubuntu.com/usn/USN-2100-1https://rhn.redhat.com/errata/RHSA-2014-0139.htmlhttp://hg.pidgin.im/pidgin/main/rev/6bd2dd10e5dahttp://www.debian.org/security/2014/dsa-2859http://www.pidgin.im/news/security/?id=84http://www.securityfocus.com/bid/65195http://www.ubuntu.com/usn/USN-2100-1https://rhn.redhat.com/errata/RHSA-2014-0139.html
2014-02-06
Published