CVE-2008-2956
https://notcve.org/view.php?id=CVE-2008-2956
Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details." ** DISPUTED ** Fuga de memoria en Pidgin 2.0.0 y posiblemente otras versiones, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través documentos XML malformados. NOTA: este problema ha sido disputado por el proveedor original, que dice: 'Nunca he podido identificar un escenario en que problema ocurrió y el investigador original no pudo suministrar cualquier tipo de detalles de la reproducción.' • http://crisp.cs.du.edu/?q=ca2007-1 http://secunia.com/advisories/31387 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246 http://www.openwall.com/lists/oss-security/2008/06/27/3 http://www.securityfocus.com/archive/1/495165/100/0/threaded http://www.securityfocus.com/bid/29985 https://issues.rpath.com/browse/RPL-2647 • CWE-399: Resource Management Errors •
CVE-2007-4999
https://notcve.org/view.php?id=CVE-2007-4999
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. libpurple de Pidgin 2.1.0 hasta 2.2.1, cuando se utiliza la autenticación HTML, permite a atacantes remotos provocar una denegación de servicio (referencia a NULL y caída de aplicación) mediante un mensaje que contiene datos HTML inválidos, vector distinto de CVE-2007-4996. • http://osvdb.org/38695 http://secunia.com/advisories/27372 http://secunia.com/advisories/27495 http://secunia.com/advisories/27858 http://www.pidgin.im/news/security/?id=24 http://www.securityfocus.com/archive/1/483580/100/0/threaded http://www.securityfocus.com/bid/26205 http://www.ubuntu.com/usn/usn-548-1 http://www.vupen.com/english/advisories/2007/3624 https://exchange.xforce.ibmcloud.com/vulnerabilities/38132 https://oval.cisecurity.org/repository/search/defin • CWE-20: Improper Input Validation •
CVE-2007-4996
https://notcve.org/view.php?id=CVE-2007-4996
libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." libpurple de Pidgin versiones anteriores a 2.2.1 no gestiona apropiadamente los mensajes personalizados de usuarios que no están en la lista de amigos del receptor, lo cual permite a atacantes remotos provocar una denegación de servicio (caída) mediante un mensaje personalizado que dispara un acceso de "ubicación inválida de memoria". • http://fedoranews.org/updates/FEDORA-2007-236.shtml http://secunia.com/advisories/27010 http://secunia.com/advisories/27088 http://www.pidgin.im/news/security/?id=23 http://www.securityfocus.com/archive/1/481402/100/0/threaded http://www.securityfocus.com/bid/25872 http://www.vupen.com/english/advisories/2007/3321 https://exchange.xforce.ibmcloud.com/vulnerabilities/36884 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18261 •
CVE-2007-3841
https://notcve.org/view.php?id=CVE-2007-3841
Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. Vulnerabilida no especificada en Pidgin (formalmente Gaim) 2.0.2 para Linux permite a usuarios remotos validados, quienes son listados en una lista de usuarios, ejecutar ciertos comandos a través de vectores no especificados, también conocido como ZD-00000035. NOTA: esta información esta basada en sobre un asesoriamiento impreciso por una información de la vulnerabilidad de una organización de ventas que no se coordino con los vendedores o avisos publicados. • http://www.securityfocus.com/bid/24904 http://www.wslabi.com/wabisabilabi/initPublishedBid.do? •