Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Pidgin XMPP And SILC Protocols Denial of Service Vulnerabilities (Windows)

Information

Severity

Severity

Medium

Family

Family

Denial of Service

CVSSv2 Base

CVSSv2 Base

5.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

10 years ago

Modified

Modified

3 years ago

Summary

This host is installed with Pidgin and is prone to denial of service vulnerabilities.

Insight

Insight

Multiplw flaws are due to - An error in the silc_channel_message function in ops.c in the SILC protocol plugin in libpurple, which fails to validate that a piece of text was UTF-8 when receiving various incoming messages. - An error in the XMPP protocol plugin in libpurple, which fails to ensure that the incoming message contained all required fields when receiving various stanzas related to voice and video chat. - An error in the family_feedbag.c in the oscar protocol plugin, which fails to validate that a piece of text was UTF-8 when receiving various incoming messages.

Affected Software

Affected Software

Pidgin versions prior to 2.10.1

Solution

Solution

Upgrade to Pidgin version 2.10.1 or later.

Common Vulnerabilities and Exposures (CVE)