fkie_nvd - fkie_cve-2009-1889

fkie_cve-2009-1889

Vulnerability from fkie_nvd

Published

2009-07-01 13:00

Modified

2024-11-21 01:03

Severity ?

Summary

The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.

References

URL	Tags
secalert@redhat.com	http://developer.pidgin.im/ticket/9483	Patch, Vendor Advisory
secalert@redhat.com	http://pidgin.im/pipermail/devel/2009-May/008227.html	Patch
secalert@redhat.com	http://secunia.com/advisories/35693
secalert@redhat.com	http://secunia.com/advisories/35697
secalert@redhat.com	http://secunia.com/advisories/35706
secalert@redhat.com	http://secunia.com/advisories/37071
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-1139.html
secalert@redhat.com	http://www.securityfocus.com/bid/35530
secalert@redhat.com	http://www.ubuntu.com/usn/USN-796-1
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1749
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=508738
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/51448
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10004
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00162.html
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00176.html
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00228.html
af854a3a-2127-422b-91ae-364da2661108	http://developer.pidgin.im/ticket/9483	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://pidgin.im/pipermail/devel/2009-May/008227.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35693
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35697
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35706
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37071
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1139.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35530
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-796-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1749
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=508738
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/51448
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10004
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00162.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00176.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00228.html

Impacted products

Vendor	Product	Version
pidgin	pidgin	*
pidgin	pidgin	2.0.0
pidgin	pidgin	2.0.1
pidgin	pidgin	2.0.2
pidgin	pidgin	2.0.2
pidgin	pidgin	2.1.0
pidgin	pidgin	2.1.1
pidgin	pidgin	2.2.0
pidgin	pidgin	2.2.1
pidgin	pidgin	2.2.2
pidgin	pidgin	2.3.0
pidgin	pidgin	2.3.1
pidgin	pidgin	2.4.0
pidgin	pidgin	2.4.1
pidgin	pidgin	2.4.2
pidgin	pidgin	2.4.3
pidgin	pidgin	2.5.0
pidgin	pidgin	2.5.1
pidgin	pidgin	2.5.2
pidgin	pidgin	2.5.3
pidgin	pidgin	2.5.3
pidgin	pidgin	2.5.4
pidgin	pidgin	2.5.4
pidgin	pidgin	2.5.5
pidgin	pidgin	2.5.5
pidgin	pidgin	2.5.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B3467B6-656E-4749-B70B-820049084F44",
              "versionEndIncluding": "2.5.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*",
              "matchCriteriaId": "5C5B2A50-6734-4B64-AFD0-DB34C3BDA86F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:32_bit:*:*:*:*:*:*",
              "matchCriteriaId": "777EF35C-195A-4784-986D-3811CF1DCF16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:32_bit:*:*:*:*:*:*",
              "matchCriteriaId": "F2DD21F1-7A08-4F2D-B8EA-C02771E960FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:32_bit:*:*:*:*:*:*",
              "matchCriteriaId": "01256F83-6E67-409A-B99A-6E27E83DA05F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n del protocolo OSCAR  en Pidgin anterior a v2.5.8 no interpreta el tipo de mensaje ICQWebMessage como tipo ICQSMS, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un mensaje web ICQ manipulado que lanza una asignaci\u00f3n de una gran cantidad de memoria."
    }
  ],
  "id": "CVE-2009-1889",
  "lastModified": "2024-11-21T01:03:37.767",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-07-01T13:00:01.390",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://developer.pidgin.im/ticket/9483"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://pidgin.im/pipermail/devel/2009-May/008227.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35693"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35697"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35706"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37071"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1139.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/35530"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-796-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1749"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=508738"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51448"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10004"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00162.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00176.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00228.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://developer.pidgin.im/ticket/9483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://pidgin.im/pipermail/devel/2009-May/008227.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1139.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-796-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=508738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00162.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00176.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00228.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2009-1889

Vulnerability from cvelistv5

Published

2009-07-01 12:26

Modified

2024-08-07 05:27