// For flags

CVE-2009-2694

Pidgin MSN 2.5.8 - Remote Code Execution

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.

La función msn_slplink_process_msg en libpurple/protocols/msn/slplink.c en libpurple, tal como se usa en Pidgin (anteriormente Gaim) en versiones anteriores a la 2.5.9 y Adium 1.3.5 y versiones anteriores, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) mediante el envío de múltiples mensajes SLP (alias MSNSLP) manipulados para disparar una sobreescritura de una zona de memoria de su elección. NOTA: esta vulnerabilidad reportada está causada por una reparación incompleta de CVE-2009-1376.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-08-05 CVE Reserved
  • 2009-08-20 CVE Published
  • 2009-09-09 First Exploit
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-399: Resource Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Adium
Search vendor "Adium"
Adium
Search vendor "Adium" for product "Adium"
<= 1.3.5
Search vendor "Adium" for product "Adium" and version " <= 1.3.5"
-
Affected
Adium
Search vendor "Adium"
Adium
Search vendor "Adium" for product "Adium"
1.2.7
Search vendor "Adium" for product "Adium" and version "1.2.7"
-
Affected
Adium
Search vendor "Adium"
Adium
Search vendor "Adium" for product "Adium"
1.3
Search vendor "Adium" for product "Adium" and version "1.3"
-
Affected
Adium
Search vendor "Adium"
Adium
Search vendor "Adium" for product "Adium"
1.3.1
Search vendor "Adium" for product "Adium" and version "1.3.1"
-
Affected
Adium
Search vendor "Adium"
Adium
Search vendor "Adium" for product "Adium"
1.3.2
Search vendor "Adium" for product "Adium" and version "1.3.2"
-
Affected
Adium
Search vendor "Adium"
Adium
Search vendor "Adium" for product "Adium"
1.3.3
Search vendor "Adium" for product "Adium" and version "1.3.3"
-
Affected
Adium
Search vendor "Adium"
Adium
Search vendor "Adium" for product "Adium"
1.3.4
Search vendor "Adium" for product "Adium" and version "1.3.4"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
<= 2.5.8
Search vendor "Pidgin" for product "Pidgin" and version " <= 2.5.8"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.0.0
Search vendor "Pidgin" for product "Pidgin" and version "2.0.0"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.0.1
Search vendor "Pidgin" for product "Pidgin" and version "2.0.1"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.0.2
Search vendor "Pidgin" for product "Pidgin" and version "2.0.2"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.1.0
Search vendor "Pidgin" for product "Pidgin" and version "2.1.0"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.1.1
Search vendor "Pidgin" for product "Pidgin" and version "2.1.1"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.2.0
Search vendor "Pidgin" for product "Pidgin" and version "2.2.0"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.2.1
Search vendor "Pidgin" for product "Pidgin" and version "2.2.1"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.2.2
Search vendor "Pidgin" for product "Pidgin" and version "2.2.2"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.3.0
Search vendor "Pidgin" for product "Pidgin" and version "2.3.0"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.3.1
Search vendor "Pidgin" for product "Pidgin" and version "2.3.1"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.4.0
Search vendor "Pidgin" for product "Pidgin" and version "2.4.0"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.4.1
Search vendor "Pidgin" for product "Pidgin" and version "2.4.1"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.4.2
Search vendor "Pidgin" for product "Pidgin" and version "2.4.2"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.4.3
Search vendor "Pidgin" for product "Pidgin" and version "2.4.3"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.5.0
Search vendor "Pidgin" for product "Pidgin" and version "2.5.0"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.5.1
Search vendor "Pidgin" for product "Pidgin" and version "2.5.1"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.5.2
Search vendor "Pidgin" for product "Pidgin" and version "2.5.2"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.5.3
Search vendor "Pidgin" for product "Pidgin" and version "2.5.3"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.5.4
Search vendor "Pidgin" for product "Pidgin" and version "2.5.4"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.5.6
Search vendor "Pidgin" for product "Pidgin" and version "2.5.6"
-
Affected
Pidgin
Search vendor "Pidgin"
Pidgin
Search vendor "Pidgin" for product "Pidgin"
2.5.7
Search vendor "Pidgin" for product "Pidgin" and version "2.5.7"
-
Affected