CVSS: 5.0EPSS: 0%CPEs: 53EXPL: 0CVE-2013-6484 – pidgin: DoS via specially-crafted stun messages
https://notcve.org/view.php?id=CVE-2013-6484
The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error. La implementación del protocolo STUN en libpurple en Pidgin anterior a 2.10.8 permite a servidores STUN remotos causar una denegación de servicio (una operación de escritura fuera de rango y caída de la aplicación) mediante un error de lectura del socket. • http://hg.pidgin.im/pidgin/main/rev/932b985540e9 http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html http://pidgin.im/news/security/?id=79 http://www.debian.org/security/2014/dsa-2859 http://www.ubuntu.com/usn/USN-2100-1 https://rhn.redhat.com/errata/RHSA-2014-0139.html https://access.redhat.com/security/cve/CVE-2013-6484 https://bugzilla.redhat.com/show_bug.cgi?id=1057481 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 1%CPEs: 53EXPL: 1CVE-2013-6490 – pidgin: Heap-based buffer overflow in SIMPLE protocol plugin
https://notcve.org/view.php?id=CVE-2013-6490
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. La funcionalidad del protocolo SIMPLE en Pidgin anterior a 2.10.8 permite a atacantes remotos tener un impacto no especificado a través de una cabecera Content-Length negativo, lo que provoca un desbordamiento de buffer. • https://github.com/Everdoh/CVE-2013-6490 http://hg.pidgin.im/pidgin/main/rev/6bd2dd10e5da http://www.debian.org/security/2014/dsa-2859 http://www.pidgin.im/news/security/?id=84 http://www.securityfocus.com/bid/65195 http://www.ubuntu.com/usn/USN-2100-1 https://rhn.redhat.com/errata/RHSA-2014-0139.html https://access.redhat.com/security/cve/CVE-2013-6490 https://bugzilla.redhat.com/show_bug.cgi?id=1057498 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 4.3EPSS: 4%CPEs: 53EXPL: 0CVE-2013-6478 – pidgin: DoS when rendering long URLs
https://notcve.org/view.php?id=CVE-2013-6478
gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip. gtkimhtml.c en Pidgin anterior a 2.10.8 no interactua debidamente con la librería subyacente de soporte para un amplio número de diseños de Pango, lo que permite a atacantes remotos asistidos por usuario causar una denegación de servicio (caída de la aplicación) a través de una URL larga que es examinada con una "tooltip". • http://hg.pidgin.im/pidgin/main/rev/2bb66ef1475e http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html http://pidgin.im/news/security/?id=72 http://pidgin.im/pipermail/support/2013-March/012980.html http://pidgin.im/pipermail/support/2013-March/012981.html http://www.debian.org/security/2014/dsa-2859 http://www.ubuntu.com/usn/USN-2100-1 https://rhn.redhat.com/errata/RHSA-2014-0139.html h • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 2%CPEs: 53EXPL: 0CVE-2012-6152 – pidgin: DoS when decoding non-UTF-8 strings in Yahoo protocol plugin
https://notcve.org/view.php?id=CVE-2012-6152
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences. El plugin del protocolo de Yahoo! en libpurple en Pidgin anterior a 2.10.8 no valida debidamente datos UTF-8, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de secuencias de bytes manipuladas. • http://hg.pidgin.im/pidgin/main/rev/b0345c25f886 http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html http://pidgin.im/news/security/?id=70 http://www.ubuntu.com/usn/USN-2100-1 https://rhn.redhat.com/errata/RHSA-2014-0139.html https://access.redhat.com/security/cve/CVE-2012-6152 https://bugzilla.redhat.com/show_bug.cgi?id=1056473 • CWE-20: Improper Input Validation CWE-172: Encoding Error •
CVSS: 6.4EPSS: 1%CPEs: 53EXPL: 0CVE-2013-6483 – pidgin: Possible spoofing using iq replies in XMPP protocol plugin
https://notcve.org/view.php?id=CVE-2013-6483
The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply. El plugin del protocolo XMPP en libpurple en Pidgin anterior a 2.10.8 no determina adecuadamente si la dirección origen en una respuesta iq es consistente con la dirección destino en una solicitud iq, lo que permite a atacantes remotos falsificar tráfico iq o causar una denegación de servicio (referencia a un puntero NULL y caída de la aplicación) a través de una respuesta manipulada. • http://hg.pidgin.im/pidgin/main/rev/93d4bff19574 http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html http://pidgin.im/news/security/?id=78 http://www.debian.org/security/2014/dsa-2859 http://www.ubuntu.com/usn/USN-2100-1 https://rhn.redhat.com/errata/RHSA-2014-0139.html https://access.redhat.com/security/cve/CVE-2013-6483 https://bugzilla.redhat.com/show_bug.cgi?id=1056978 • CWE-20: Improper Input Validation CWE-290: Authentication Bypass by Spoofing •