Pidgin OSCAR Protocol Denial Of Service Vulnerability (Win) Network Vulnerability

Summary

This host has installed Pidgin and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will allow attacker to cause a application crash. Impact Level: Application

Solution

Upgrade to Pidgin version 2.5.8, http://pidgin.im/download

Insight

Error in OSCAR protocol implementation leads to the application misinterpreting the ICQWebMessage message type as ICQSMS message type via a crafted ICQ web message that triggers allocation of a large amount of memory.

Affected

Pidgin version prior to 2.5.8 on Windows

References

http://developer.pidgin.im/ticket/9483
http://pidgin.im/pipermail/devel/2009-May/008227.html
http://secunia.com/advisories/35652

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1889

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Linux)
Eggdrop Server Module Message Handling Remote Buffer Overflow Vulnerability
ejabberd 'client2server' Message Remote Denial of Service Vulnerability
freeSSHd Pre-Authentication Error Remote DoS Vulnerability
Compaq Web SSI DoS

Take action and discover your vulnerabilities