Vulnerability Description
libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pidgin | Pidgin | <= 2.6.5 |
Related Weaknesses (CWE)
References
- http://developer.pidgin.im/wiki/ChangeLogPatch
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.h
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
- http://pidgin.im/news/security/?id=44Vendor Advisory
- http://secunia.com/advisories/38563Vendor Advisory
- http://secunia.com/advisories/38640Vendor Advisory
- http://secunia.com/advisories/38658Vendor Advisory
- http://secunia.com/advisories/38712Vendor Advisory
- http://secunia.com/advisories/38915
- http://secunia.com/advisories/39509
- http://www.debian.org/security/2010/dsa-2038
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:041
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:085
FAQ
What is CVE-2010-0420?
CVE-2010-0420 is a vulnerability with a CVSS score of 4.3 (MEDIUM). libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial...
How severe is CVE-2010-0420?
CVE-2010-0420 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0420?
Check the references section above for vendor advisories and patch information. Affected products include: Pidgin Pidgin.