CVE-2009-1889

Published: Jul 01, 2009 | Modified: Sep 29, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P)
RedHat/V2: 5 MODERATE (AV:N/AC:L/Au:N/C:N/I:N/A:P)
RedHat/V3:
Ubuntu: MEDIUM

The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pidgin | Pidgin | * | 2.5.7 (including) |
| Pidgin | Pidgin | 2.0.0 (including) | 2.0.0 (including) |
| Pidgin | Pidgin | 2.0.1 (including) | 2.0.1 (including) |
| Pidgin | Pidgin | 2.0.2 (including) | 2.0.2 (including) |
| Pidgin | Pidgin | 2.1.0 (including) | 2.1.0 (including) |
| Pidgin | Pidgin | 2.1.1 (including) | 2.1.1 (including) |
| Pidgin | Pidgin | 2.2.0 (including) | 2.2.0 (including) |
| Pidgin | Pidgin | 2.2.1 (including) | 2.2.1 (including) |
| Pidgin | Pidgin | 2.2.2 (including) | 2.2.2 (including) |
| Pidgin | Pidgin | 2.3.0 (including) | 2.3.0 (including) |
| Pidgin | Pidgin | 2.3.1 (including) | 2.3.1 (including) |
| Pidgin | Pidgin | 2.4.0 (including) | 2.4.0 (including) |
| Pidgin | Pidgin | 2.4.1 (including) | 2.4.1 (including) |
| Pidgin | Pidgin | 2.4.2 (including) | 2.4.2 (including) |
| Pidgin | Pidgin | 2.4.3 (including) | 2.4.3 (including) |
| Pidgin | Pidgin | 2.5.0 (including) | 2.5.0 (including) |
| Pidgin | Pidgin | 2.5.1 (including) | 2.5.1 (including) |
| Pidgin | Pidgin | 2.5.2 (including) | 2.5.2 (including) |
| Pidgin | Pidgin | 2.5.3 (including) | 2.5.3 (including) |
| Pidgin | Pidgin | 2.5.3-32_bit (including) | 2.5.3-32_bit (including) |
| Pidgin | Pidgin | 2.5.4 (including) | 2.5.4 (including) |
| Pidgin | Pidgin | 2.5.4-32_bit (including) | 2.5.4-32_bit (including) |
| Pidgin | Pidgin | 2.5.5 (including) | 2.5.5 (including) |
| Pidgin | Pidgin | 2.5.5-32_bit (including) | 2.5.5-32_bit (including) |
| Pidgin | Pidgin | 2.5.6 (including) | 2.5.6 (including) |
| Red Hat Enterprise Linux 4 | RedHat | pidgin-0:2.5.8-1.el4 | * |
| Red Hat Enterprise Linux 5 | RedHat | pidgin-0:2.5.8-1.el5 | * |
| Pidgin | Ubuntu | hardy | * |
| Pidgin | Ubuntu | intrepid | * |
| Pidgin | Ubuntu | jaunty | * |
| Pidgin | Ubuntu | upstream | * |

References