CVE-2009-1374

pidgin DoS when decrypting qq packets

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.

Desbordamiento de búfer en la función decrypt_out en Pidgin anteriores a v2.5.6 permite a atacantes remotos producir una denegación de servicio (caída de aplicación)a través de un paquete QQ.

Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-04-23 CVE Reserved
2009-05-26 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (20)

URL	Tag	Source
http://secunia.com/advisories/35188	Third Party Advisory
http://secunia.com/advisories/35294	Third Party Advisory
http://secunia.com/advisories/35329	Third Party Advisory
http://www.vupen.com/english/advisories/2009/1396	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/50684	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11654	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18201	Signature

URL	Date	SRC

URL	Date	SRC
http://www.pidgin.im/news/security/?id=30	2017-09-29
http://www.securityfocus.com/bid/35067	2017-09-29

URL	Date	SRC
http://secunia.com/advisories/35194	2017-09-29
http://secunia.com/advisories/35202	2017-09-29
http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml	2017-09-29
http://www.mandriva.com/security/advisories?name=MDVSA-2009:173	2017-09-29
http://www.redhat.com/support/errata/RHSA-2009-1060.html	2017-09-29
http://www.ubuntu.com/usn/USN-781-1	2017-09-29
https://bugzilla.redhat.com/show_bug.cgi?id=500490	2009-05-22
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html	2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html	2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html	2017-09-29
https://access.redhat.com/security/cve/CVE-2009-1374	2009-05-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				<= 2.5.5 Search vendor "Pidgin" for product "Pidgin" and version " <= 2.5.5"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.0.0 Search vendor "Pidgin" for product "Pidgin" and version "2.0.0"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.0.1 Search vendor "Pidgin" for product "Pidgin" and version "2.0.1"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.0.2 Search vendor "Pidgin" for product "Pidgin" and version "2.0.2"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.0.2 Search vendor "Pidgin" for product "Pidgin" and version "2.0.2"		linux		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.1.0 Search vendor "Pidgin" for product "Pidgin" and version "2.1.0"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.1.1 Search vendor "Pidgin" for product "Pidgin" and version "2.1.1"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.2.0 Search vendor "Pidgin" for product "Pidgin" and version "2.2.0"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.2.1 Search vendor "Pidgin" for product "Pidgin" and version "2.2.1"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.2.2 Search vendor "Pidgin" for product "Pidgin" and version "2.2.2"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.3.0 Search vendor "Pidgin" for product "Pidgin" and version "2.3.0"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.3.1 Search vendor "Pidgin" for product "Pidgin" and version "2.3.1"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.4.0 Search vendor "Pidgin" for product "Pidgin" and version "2.4.0"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.4.1 Search vendor "Pidgin" for product "Pidgin" and version "2.4.1"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.4.2 Search vendor "Pidgin" for product "Pidgin" and version "2.4.2"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.4.3 Search vendor "Pidgin" for product "Pidgin" and version "2.4.3"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.5.0 Search vendor "Pidgin" for product "Pidgin" and version "2.5.0"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.5.1 Search vendor "Pidgin" for product "Pidgin" and version "2.5.1"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.5.2 Search vendor "Pidgin" for product "Pidgin" and version "2.5.2"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.5.3 Search vendor "Pidgin" for product "Pidgin" and version "2.5.3"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.5.4 Search vendor "Pidgin" for product "Pidgin" and version "2.5.4"		-		Affected