Информационная безопасность
[RU] switch to English


Повреждение памяти в Libpurple / Pidgin
Опубликовано:19 августа 2009 г.
Источник:
SecurityVulns ID:10165
Тип:библиотека
Уровень опасности:
6/10
Описание:Повреждение памяти при обработке сообщения протокола MSN.
Затронутые продукты:PIDGIN : Pidgin 2.5
 LIBPURPLE : libpurple 2.5
 ADIUM : Adium 1.3
CVE:CVE-2009-3084 (The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name.)
 CVE-2009-2694 (The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.)
Оригинальный текстdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0727: Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability (19.08.2009)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород