
CVSS: 5.0 • EPSS: 3% • CPEs: 53 • EXPL: 0

Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header.

References:
• http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html
• http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html
• http://www.debian.org/security/2014/dsa-2859
• http://www.pidgin.im/news/security/?id=75
• http://www.pidgin.im/news/security/?id=76
• http://www.pidgin.im/news/security/?id=77
• http://www.ubuntu.com/usn/USN-2100-1
• https://rhn.redhat.com/errata/RHSA-2014-0139.html
• https://access.redhat.com/security/cve/CVE-2013-6482
• https:/

Weaknesses:
• CWE-20: Improper Input Validation
• CWE-476: NULL Pointer Dereference

CVSS: 6.4 • EPSS: 1% • CPEs: 53 • EXPL: 0

The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.

References:
• http://hg.pidgin.im/pidgin/main/rev/93d4bff19574
• http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html
• http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html
• http://pidgin.im/news/security/?id=78
• http://www.debian.org/security/2014/dsa-2859
• http://www.ubuntu.com/usn/USN-2100-1
• https://rhn.redhat.com/errata/RHSA-2014-0139.html
• https://access.redhat.com/security/cve/CVE-2013-6483
• https://bugzilla.redhat.com/show_bug.cgi?id=1056978

Weaknesses:
• CWE-20: Improper Input Validation
• CWE-290: Authentication Bypass by Spoofing

CVSS: 5.0 • EPSS: 0% • CPEs: 53 • EXPL: 0

The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error.

References:
• http://hg.pidgin.im/pidgin/main/rev/932b985540e9
• http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html
• http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html
• http://pidgin.im/news/security/?id=79
• http://www.debian.org/security/2014/dsa-2859
• http://www.ubuntu.com/usn/USN-2100-1
• https://rhn.redhat.com/errata/RHSA-2014-0139.html
• https://access.redhat.com/security/cve/CVE-2013-6484
• https://bugzilla.redhat.com/show_bug.cgi?id=1057481

Weaknesses:
• CWE-20: Improper Input Validation
• CWE-190: Integer Overflow or Wraparound

CVSS: 5.1 • EPSS: 1% • CPEs: 53 • EXPL: 0

Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data.

References:
• http://hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd
• http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html
• http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html
• http://pidgin.im/news/security/?id=80
• http://www.debian.org/security/2014/dsa-2859
• http://www.securityfocus.com/bid/65243
• http://www.ubuntu.com/usn/USN-2100-1
• https://rhn.redhat.com/errata/RHSA-2014-0139.html
• https://access.redhat.com/security/cve/CVE-2013-6485
• https://bugzilla.redha

Weaknesses:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-122: Heap-based Buffer Overflow

CVSS: 7.5 • EPSS: 2% • CPEs: 14 • EXPL: 0

Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.

References:
• http://advisories.mageia.org/MGASA-2014-0074.html
• http://hg.pidgin.im/pidgin/main/rev/ec15aa187aa0
• http://libgadu.net/releases/1.11.3.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128277.html
• http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html
• http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html
• http://vrt-blog.snort.org/2014/01/vrt-2013-1001-cve-2013-6487-buffer.html
• http://www.debian.org/security/2014/dsa-2852
• http:

Weaknesses:
• CWE-122: Heap-based Buffer Overflow
• CWE-189: Numeric Errors