CVE-2014-3695: Improper Restriction of Operations within the Bounds of a Memory Buffer in Pidgin

Severity
5.0 MEDIUM (NVD)
6.4 (OSV)
EPSS: 2.1% (top 15.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 29
Latest update: May 14

Description

markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (4 packages)

debian: debian/pidgin < pidgin 2.10.10-1 (bookworm)
Debian: pidgin/pidgin < 2.10.10-1+3
Ubuntu: pidgin/pidgin < 1:2.10.9-0ubuntu3.2
NVD: pidgin/pidgin 2.10.9+9

Vulnerability Details

GHSA: GHSA-5p8v-243c-373h: markup (2022-05-14)
OSV: CVE-2014-3695: markup (2014-10-29)
OSV: pidgin vulnerabilities (2014-10-28)

Vendor Advisories

Ubuntu: Pidgin vulnerabilities (2014-10-28)
Red Hat: pidgin: crash in Mxit protocol plug-in (2014-10-22)
Debian: CVE-2014-3695: pidgin - markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allow... (2014)

Threat Intelligence

Talos: Talos Discovered Three More Vulnerabilities in Pidgin (2014-11-07)

Community

Bugzilla: CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3698 pidgin: various flaws [fedora-all] (2014-10-23)
Bugzilla: CVE-2014-3695 pidgin: crash in Mxit protocol plug-in (2014-10-21)