pidgin: multiple vulnerabilities
Package(s): pidgin
CVE #(s): CVE-2010-0277, CVE-2010-0420, CVE-2010-0423
Created: February 18, 2010
Updated: November 15, 2010
Description:
From the Red Hat alert:

An input sanitization flaw was found in the way Pidgin's MSN protocol
implementation handled MSNSLP invitations. A remote attacker could send a
specially-crafted INVITE request that would cause a denial of service
(memory corruption and Pidgin crash). (CVE-2010-0277)

A denial of service flaw was found in Finch's XMPP chat implementation,
when using multi-user chat. If a Finch user in a multi-user chat session
were to change their nickname to contain the HTML "br" element, it would
cause Finch to crash. (CVE-2010-0420)

Red Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project
for responsibly reporting the CVE-2010-0420 issue.

A denial of service flaw was found in the way Pidgin processed emoticon
images. A remote attacker could flood the victim with emoticon images
during mutual communication, leading to excessive CPU use. (CVE-2010-0423)