Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-3083

The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.

Published

2009-09-08T18:30:00.360

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pidgin	libpurple	*	Yes
Application	pidgin	pidgin	≤ 2.6.1	Yes
Application	pidgin	pidgin	2.0.0	Yes
Application	pidgin	pidgin	2.0.1	Yes
Application	pidgin	pidgin	2.0.2	Yes
Application	pidgin	pidgin	2.0.2	Yes
Application	pidgin	pidgin	2.1.0	Yes
Application	pidgin	pidgin	2.1.1	Yes
Application	pidgin	pidgin	2.2.0	Yes
Application	pidgin	pidgin	2.2.1	Yes
Application	pidgin	pidgin	2.2.2	Yes
Application	pidgin	pidgin	2.3.0	Yes
Application	pidgin	pidgin	2.3.1	Yes
Application	pidgin	pidgin	2.4.0	Yes
Application	pidgin	pidgin	2.4.0	Yes
Application	pidgin	pidgin	2.4.1	Yes
Application	pidgin	pidgin	2.4.1	Yes
Application	pidgin	pidgin	2.4.2	Yes
Application	pidgin	pidgin	2.4.2	Yes
Application	pidgin	pidgin	2.4.3	Yes
Application	pidgin	pidgin	2.4.3	Yes
Application	pidgin	pidgin	2.5.0	Yes
Application	pidgin	pidgin	2.5.0	Yes
Application	pidgin	pidgin	2.5.1	Yes
Application	pidgin	pidgin	2.5.2	Yes
Application	pidgin	pidgin	2.5.2	Yes
Application	pidgin	pidgin	2.5.3	Yes
Application	pidgin	pidgin	2.5.3	Yes
Application	pidgin	pidgin	2.5.4	Yes
Application	pidgin	pidgin	2.5.4	Yes
Application	pidgin	pidgin	2.5.5	Yes
Application	pidgin	pidgin	2.5.5	Yes
Application	pidgin	pidgin	2.5.6	Yes
Application	pidgin	pidgin	2.5.7	Yes
Application	pidgin	pidgin	2.5.8	Yes
Application	pidgin	pidgin	2.5.9	Yes
Application	pidgin	pidgin	2.6.0	Yes

References

http://developer.pidgin.im/ticket/10159 Patch, Vendor Advisory ([email protected])
http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c Patch, Vendor Advisory ([email protected])
http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/36601 Vendor Advisory ([email protected])
http://www.pidgin.im/news/security/index.php?id=39 Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/36277 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322 ([email protected])
http://developer.pidgin.im/ticket/10159 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36601 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.pidgin.im/news/security/index.php?id=39 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/36277 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322 (af854a3a-2127-422b-91ae-364da2661108)