Vulnerability Details CVE-2009-1373
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.058
EPSS Ranking 90.0%
CVSS Severity
CVSS v2 Score 7.1
References
- http://debian.org/security/2009/dsa-1805
- http://secunia.com/advisories/35188
- http://secunia.com/advisories/35194
- http://secunia.com/advisories/35202
- http://secunia.com/advisories/35215
- http://secunia.com/advisories/35294
- http://secunia.com/advisories/35329
- http://secunia.com/advisories/35330
- http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:140
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:173
- http://www.pidgin.im/news/security/?id=29
- http://www.redhat.com/support/errata/RHSA-2009-1059.html
- http://www.redhat.com/support/errata/RHSA-2009-1060.html
- http://www.securityfocus.com/bid/35067
- http://www.ubuntu.com/usn/USN-781-1
- http://www.ubuntu.com/usn/USN-781-2
- http://www.vupen.com/english/advisories/2009/1396
- https://bugzilla.redhat.com/show_bug.cgi?id=500488
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50682
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html
- http://debian.org/security/2009/dsa-1805
- http://secunia.com/advisories/35188
- http://secunia.com/advisories/35194
- http://secunia.com/advisories/35202
- http://secunia.com/advisories/35215
- http://secunia.com/advisories/35294
- http://secunia.com/advisories/35329
- http://secunia.com/advisories/35330
- http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:140
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:173
- http://www.pidgin.im/news/security/?id=29
- http://www.redhat.com/support/errata/RHSA-2009-1059.html
- http://www.redhat.com/support/errata/RHSA-2009-1060.html
- http://www.securityfocus.com/bid/35067
- http://www.ubuntu.com/usn/USN-781-1
- http://www.ubuntu.com/usn/USN-781-2
- http://www.vupen.com/english/advisories/2009/1396
- https://bugzilla.redhat.com/show_bug.cgi?id=500488
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50682
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html
Products affected by CVE-2009-1373
-
cpe:2.3:a:pidgin:pidgin:-
-
cpe:2.3:a:pidgin:pidgin:1.5.1
-
cpe:2.3:a:pidgin:pidgin:2.0.0
-
cpe:2.3:a:pidgin:pidgin:2.0.1
-
cpe:2.3:a:pidgin:pidgin:2.0.2
-
cpe:2.3:a:pidgin:pidgin:2.1.0
-
cpe:2.3:a:pidgin:pidgin:2.1.1
-
cpe:2.3:a:pidgin:pidgin:2.2.0
-
cpe:2.3:a:pidgin:pidgin:2.2.1
-
cpe:2.3:a:pidgin:pidgin:2.2.2
-
cpe:2.3:a:pidgin:pidgin:2.3.0
-
cpe:2.3:a:pidgin:pidgin:2.3.1
-
cpe:2.3:a:pidgin:pidgin:2.4.0
-
cpe:2.3:a:pidgin:pidgin:2.4.1
-
cpe:2.3:a:pidgin:pidgin:2.4.2
-
cpe:2.3:a:pidgin:pidgin:2.4.3
-
cpe:2.3:a:pidgin:pidgin:2.5.0
-
cpe:2.3:a:pidgin:pidgin:2.5.1
-
cpe:2.3:a:pidgin:pidgin:2.5.2
-
cpe:2.3:a:pidgin:pidgin:2.5.3
-
cpe:2.3:a:pidgin:pidgin:2.5.4
-
cpe:2.3:a:pidgin:pidgin:2.5.5