CVE-2009-3083 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2009-3083

Modified

More Info Official Page

Source-cve@mitre.org

Published At-08 Sep, 2009 | 18:30

Updated At-19 Sep, 2017 | 01:29

The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

cpe:2.3:a:pidgin:libpurple:*:*:*:*:*:*:*:*

>>pidgin>>Versions up to 2.6.1(inclusive)

cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*

>>pidgin>>2.0.0

cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*

>>pidgin>>2.0.1

cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*

>>pidgin>>2.0.2

cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*

>>pidgin>>2.0.2

cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*

>>pidgin>>2.1.0

cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*

>>pidgin>>2.1.1

cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*

>>pidgin>>2.2.0

cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*

>>pidgin>>2.2.1

cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*

>>pidgin>>2.2.2

cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*

>>pidgin>>2.3.0

cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*

>>pidgin>>2.3.1

cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*

>>pidgin>>2.4.0

cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*

>>pidgin>>2.4.0

cpe:2.3:a:pidgin:pidgin:2.4.0:32_bit:*:*:*:*:*:*

>>pidgin>>2.4.1

cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*

>>pidgin>>2.4.1

cpe:2.3:a:pidgin:pidgin:2.4.1:32_bit:*:*:*:*:*:*

>>pidgin>>2.4.2

cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*

>>pidgin>>2.4.2

cpe:2.3:a:pidgin:pidgin:2.4.2:32_bit:*:*:*:*:*:*

>>pidgin>>2.4.3

cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*

>>pidgin>>2.4.3

cpe:2.3:a:pidgin:pidgin:2.4.3:32_bit:*:*:*:*:*:*

>>pidgin>>2.5.0

cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*

>>pidgin>>2.5.0

cpe:2.3:a:pidgin:pidgin:2.5.0:32_bit:*:*:*:*:*:*

>>pidgin>>2.5.1

cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*

>>pidgin>>2.5.2

cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*

>>pidgin>>2.5.2

cpe:2.3:a:pidgin:pidgin:2.5.2:32_bit:*:*:*:*:*:*

>>pidgin>>2.5.3

cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*

>>pidgin>>2.5.3

cpe:2.3:a:pidgin:pidgin:2.5.3:32_bit:*:*:*:*:*:*

>>pidgin>>2.5.4

cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*

>>pidgin>>2.5.4

cpe:2.3:a:pidgin:pidgin:2.5.4:32_bit:*:*:*:*:*:*

>>pidgin>>2.5.5

cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*

>>pidgin>>2.5.5

cpe:2.3:a:pidgin:pidgin:2.5.5:32_bit:*:*:*:*:*:*

>>pidgin>>2.5.6

cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*

>>pidgin>>2.5.7

cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*

>>pidgin>>2.5.8

cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*

>>pidgin>>2.5.9

cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*

>>pidgin>>2.6.0

cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-119	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://developer.pidgin.im/ticket/10159	cve@mitre.org	Patch Vendor Advisory
http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c	cve@mitre.org	Patch Vendor Advisory
http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd	cve@mitre.org	Patch Vendor Advisory
http://secunia.com/advisories/36601	cve@mitre.org	Vendor Advisory
http://www.pidgin.im/news/security/index.php?id=39	cve@mitre.org	Patch Vendor Advisory
http://www.securityfocus.com/bid/36277	cve@mitre.org	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852	cve@mitre.org	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322	cve@mitre.org	N/A