QwikSec

Security Database

CVE

CWE

Training

CVE-2010-2528

Published: Jul 29, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

SSA:2010-240-05

vendor-advisory

x_refsource_SLACKWARE

http://developer.pidgin.im/viewmtn/revision/diff/fcb70f7c12120206d30ad33223ff85be7b226d1c/with/8e8ff246492e45af8f8d0808296d6f2906794dc0/libpurple/protocols/oscar/family_icbm.c

x_refsource_CONFIRM

oval:org.mitre.oval:def:18359

vdb-entry

signature

x_refsource_OVAL

http://www.pidgin.im/news/security/index.php?id=47

x_refsource_CONFIRM

pidgin-xstatus-dos(60566)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

http://developer.pidgin.im/viewmtn/revision/info/8e8ff246492e45af8f8d0808296d6f2906794dc0

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.