pidgin: multiple vulnerabilities
Package(s): pidgin
CVE #(s): CVE-2010-0277 CVE-2010-0420 CVE-2010-0423
Created: February 18, 2010
Updated: November 15, 2010
Description: From the Red Hat alert:
An input sanitization flaw was found in the way Pidgin's MSN protocol implementation handled MSNSLP invitations. A remote attacker could send a specially-crafted INVITE request that would cause a denial of service (memory corruption and Pidgin crash). (CVE-2010-0277)

A denial of service flaw was found in Finch's XMPP chat implementation, when using multi-user chat. If a Finch user in a multi-user chat session were to change their nickname to contain the HTML "br" element, it would cause Finch to crash. (CVE-2010-0420)

Red Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project for responsibly reporting the CVE-2010-0420 issue.

A denial of service flaw was found in the way Pidgin processed emoticon images. A remote attacker could flood the victim with emoticon images during mutual communication, leading to excessive CPU use. (CVE-2010-0423)