CVE-2013-6487

Published: Feb 6, 2014Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.

Affected (14)

Products: Pidgin: Pidgin

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Pidgin Pidgin	Up to 2.10.7
Pidgin Pidgin	Version 2.0.0
Pidgin Pidgin	Version 2.0.1
Pidgin Pidgin	Version 2.0.2
Pidgin Pidgin	Version 2.0.2
Pidgin Pidgin	Version 2.1.0
Pidgin Pidgin	Version 2.1.1
Pidgin Pidgin	Version 2.10.0
Pidgin Pidgin	Version 2.10.1
Pidgin Pidgin	Version 2.10.2
Pidgin Pidgin	Version 2.10.3
Pidgin Pidgin	Version 2.10.4
Pidgin Pidgin	Version 2.10.5
Pidgin Pidgin	Version 2.10.6

Related CWEs

References (32)

http://advisories.mageia.org/MGASA-2014-0074.html

Source: secalert@redhat.com

http://hg.pidgin.im/pidgin/main/rev/ec15aa187aa0

Source: secalert@redhat.com

Vendor Advisory

http://libgadu.net/releases/1.11.3.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128277.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html

Source: secalert@redhat.com

http://vrt-blog.snort.org/2014/01/vrt-2013-1001-cve-2013-6487-buffer.html

Source: secalert@redhat.com

http://www.debian.org/security/2014/dsa-2852

Source: secalert@redhat.com

http://www.debian.org/security/2014/dsa-2859

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2014:039

Source: secalert@redhat.com

http://www.pidgin.im/news/security/?id=82

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/65188

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2100-1

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2101-1

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2014-0139.html

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201508-02

Source: secalert@redhat.com

http://advisories.mageia.org/MGASA-2014-0074.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://hg.pidgin.im/pidgin/main/rev/ec15aa187aa0

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://libgadu.net/releases/1.11.3.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128277.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://vrt-blog.snort.org/2014/01/vrt-2013-1001-cve-2013-6487-buffer.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-2852

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-2859

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2014:039

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.pidgin.im/news/security/?id=82

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/65188

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2100-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2101-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://rhn.redhat.com/errata/RHSA-2014-0139.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201508-02

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.