Vulnerability Description
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pidgin | Pidgin | <= 2.10.3 |
Related Weaknesses (CWE)
References
- http://hg.pidgin.im/pidgin/main/rev/5f9d676cefdbPatch
- http://pidgin.im/news/security/?id=62PatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:082
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://hg.pidgin.im/pidgin/main/rev/5f9d676cefdbPatch
- http://pidgin.im/news/security/?id=62PatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:082
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2012-2214?
CVE-2012-2214 is a vulnerability with a CVSS score of 3.5 (LOW). proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (applicati...
How severe is CVE-2012-2214?
CVE-2012-2214 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2214?
Check the references section above for vendor advisories and patch information. Affected products include: Pidgin Pidgin.