CVE-2010-1624: Input Validation
First published: Fri May 07 2010(Updated: )
Pierre Noguès found a NULL pointer dereference in the Pidgin MSN SLP protocol implementation, by processing custom emoticon messages. A remote, authenticated user could use this deficiency to cause a denial of service (Pidgin crash). Acknowledgements: Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Pierre Noguès of Meta Security as the original reporter.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/pidgin | <0:2.6.6-5.el4_8 | 0:2.6.6-5.el4_8 |
| redhat/pidgin | <0:2.6.6-5.el5_5 | 0:2.6.6-5.el5_5 |
| Pidgin | <2.7.0 | |
| Ubuntu Linux | =8.04 | |
| Ubuntu Linux | =9.10 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =10.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/39801
- http://www.pidgin.im/news/security/index.php?id=46
- http://developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b
- http://developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c
- http://www.vupen.com/english/advisories/2010/1141
- http://www.securityfocus.com/bid/40138
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:097
- http://www.vupen.com/english/advisories/2010/2755
- https://bugzilla.redhat.com/show_bug.cgi?id=589973
- http://secunia.com/advisories/41899
- http://www.redhat.com/support/errata/RHSA-2010-0788.html
- http://www.ubuntu.com/usn/USN-1014-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58559
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18547
- https://access.redhat.com/security/cve/CVE-2010-1624
- http://pidgin.im/news/security/?id=46
- http://admin.fedoraproject.org/updates/pidgin-2.7.0-1.fc13
- http://admin.fedoraproject.org/updates/pidgin-2.7.0-1.fc12
- http://admin.fedoraproject.org/updates/pidgin-2.7.0-1.fc11
- https://rhn.redhat.com/errata/RHSA-2010-0788.html
- https://www.cve.org/CVERecord?id=CVE-2010-1624 https://nvd.nist.gov/vuln/detail/CVE-2010-1624
- https://access.redhat.com/errata/RHSA-2010:0788
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1624.json
Frequently Asked Questions
What is the severity of CVE-2010-1624?
The severity of CVE-2010-1624 is categorized as a denial of service vulnerability affecting the Pidgin software.
How do I fix CVE-2010-1624?
To fix CVE-2010-1624, upgrade to a patched version of Pidgin, specifically version 2.6.6-5.el4_8 or 2.6.6-5.el5_5.
Who can exploit CVE-2010-1624?
CVE-2010-1624 can be exploited by a remote, authenticated user through specially crafted custom emoticon messages.
What software is affected by CVE-2010-1624?
CVE-2010-1624 affects Pidgin versions prior to 2.6.6-5.el4_8 and 2.6.6-5.el5_5, as well as certain Ubuntu Linux versions.
What is the impact of CVE-2010-1624?
The impact of CVE-2010-1624 is that it can cause Pidgin to crash, leading to a denial of service for users.
- agent/weakness
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-1624
- collector/redhat-cve
- agent/software-canonical-lookup
- agent/author
- agent/remedy
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/tags
- agent/softwarecombine
- package-manager/redhat
- vendor/pidgin
- canonical/pidgin
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/8.04
- version/ubuntu linux/9.10
- version/ubuntu linux/10.04
- version/ubuntu linux/10.10