CVE-2009-1374

Published: May 26, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.

Affected (21)

Products: Pidgin: Pidgin

1 product

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Pidgin Pidgin	Up to 2.5.5
Pidgin Pidgin	Version 2.0.0
Pidgin Pidgin	Version 2.0.1
Pidgin Pidgin	Version 2.0.2
Pidgin Pidgin	Version 2.0.2
Pidgin Pidgin	Version 2.1.0
Pidgin Pidgin	Version 2.1.1
Pidgin Pidgin	Version 2.2.0
Pidgin Pidgin	Version 2.2.1
Pidgin Pidgin	Version 2.2.2
Pidgin Pidgin	Version 2.3.0
Pidgin Pidgin	Version 2.3.1
Pidgin Pidgin	Version 2.4.0
Pidgin Pidgin	Version 2.4.1
Pidgin Pidgin	Version 2.4.2
Pidgin Pidgin	Version 2.4.3
Pidgin Pidgin	Version 2.5.0
Pidgin Pidgin	Version 2.5.1
Pidgin Pidgin	Version 2.5.2
Pidgin Pidgin	Version 2.5.3
Pidgin Pidgin	Version 2.5.4

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (38)

http://secunia.com/advisories/35188

Source: secalert@redhat.com

http://secunia.com/advisories/35194

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/35202

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/35294

Source: secalert@redhat.com

http://secunia.com/advisories/35329

Source: secalert@redhat.com

http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2009:173

Source: secalert@redhat.com

http://www.pidgin.im/news/security/?id=30

Source: secalert@redhat.com

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2009-1060.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/35067

Source: secalert@redhat.com

Patch

http://www.ubuntu.com/usn/USN-781-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2009/1396

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=500490

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/50684

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11654

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18201

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html

Source: secalert@redhat.com

http://secunia.com/advisories/35188

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35194

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/35202

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/35294

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35329

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:173

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.pidgin.im/news/security/?id=30

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2009-1060.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/35067

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.ubuntu.com/usn/USN-781-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/1396

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=500490

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/50684

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11654

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18201

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.