{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-08-18T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"}, {"name": "ADV-2009-2303", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2303"}, {"name": "36392", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36392"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.pidgin.im/news/security/?id=34"}, {"name": "oval:org.mitre.oval:def:6320", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320"}, {"tags": ["x_refsource_MISC"], "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write"}, {"name": "36402", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36402"}, {"name": "266908", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e"}, {"name": "36384", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36384"}, {"name": "DSA-1870", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1870"}, {"name": "37071", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37071"}, {"name": "36708", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36708"}, {"name": "ADV-2009-2663", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2663"}, {"name": "oval:org.mitre.oval:def:10319", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"}, {"name": "36401", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36401"}, {"name": "9615", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/9615"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://developer.pidgin.im/wiki/ChangeLog"}, {"name": "RHSA-2009:1218", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2694", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=514957", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"}, {"name": "ADV-2009-2303", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2303"}, {"name": "36392", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36392"}, {"name": "http://www.pidgin.im/news/security/?id=34", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=34"}, {"name": "oval:org.mitre.oval:def:6320", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320"}, {"name": "http://www.coresecurity.com/content/libpurple-arbitrary-write", "refsource": "MISC", "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write"}, {"name": "36402", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36402"}, {"name": "266908", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"}, {"name": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e"}, {"name": "36384", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36384"}, {"name": "DSA-1870", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1870"}, {"name": "37071", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37071"}, {"name": "36708", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36708"}, {"name": "ADV-2009-2663", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2663"}, {"name": "oval:org.mitre.oval:def:10319", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"}, {"name": "36401", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36401"}, {"name": "9615", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9615"}, {"name": "http://developer.pidgin.im/wiki/ChangeLog", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/wiki/ChangeLog"}, {"name": "RHSA-2009:1218", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:59:56.847Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"}, {"name": "ADV-2009-2303", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/2303"}, {"name": "36392", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36392"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.pidgin.im/news/security/?id=34"}, {"name": "oval:org.mitre.oval:def:6320", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write"}, {"name": "36402", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36402"}, {"name": "266908", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e"}, {"name": "36384", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36384"}, {"name": "DSA-1870", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1870"}, {"name": "37071", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37071"}, {"name": "36708", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36708"}, {"name": "ADV-2009-2663", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/2663"}, {"name": "oval:org.mitre.oval:def:10319", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"}, {"name": "36401", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36401"}, {"name": "9615", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/9615"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://developer.pidgin.im/wiki/ChangeLog"}, {"name": "RHSA-2009:1218", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2694", "datePublished": "2009-08-20T22:00:00.000Z", "dateReserved": "2009-08-05T00:00:00.000Z", "dateUpdated": "2024-08-07T05:59:56.847Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adium:adium:*:*:*:*:*:*:*:*", "matchCriteriaId": "01CB5803-0C03-4EC5-B865-8760B1231267", "versionEndIncluding": "1.3.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:adium:adium:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "45233B3A-A3A1-45C0-A9F4-548B076742F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:adium:adium:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A6B5D964-9F9C-4EE0-AF9F-4FE64935D8AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adium:adium:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5FAFC986-0E07-48D7-9B67-66B65CAA9AE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adium:adium:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EFA83F88-808F-4D8B-A33D-16994C9074A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:adium:adium:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3779F8B3-15A9-4FBC-9176-B9B3CAB39DE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adium:adium:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D2A75801-F3AD-49E5-B981-6158E9B8F598", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "7396CE73-35C6-4F72-8F1F-16D8B7E0C029", "versionEndIncluding": "2.5.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376."}, {"lang": "es", "value": "La funci\u00f3n msn_slplink_process_msg en libpurple/protocols/msn/slplink.c en libpurple, tal como se usa en Pidgin (anteriormente Gaim) en versiones anteriores a la 2.5.9 y Adium 1.3.5 y versiones anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) mediante el env\u00edo de m\u00faltiples mensajes SLP (alias MSNSLP) manipulados para disparar una sobreescritura de una zona de memoria de su elecci\u00f3n. NOTA: esta vulnerabilidad reportada est\u00e1 causada por una reparaci\u00f3n incompleta de CVE-2009-1376."}], "id": "CVE-2009-2694", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-21T11:02:41.890", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e"}, {"source": "cve@mitre.org", "url": "http://developer.pidgin.im/wiki/ChangeLog"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36384"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36392"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36401"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/36402"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/36708"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/37071"}, {"source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.debian.org/security/2009/dsa-1870"}, {"source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/9615"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.pidgin.im/news/security/?id=34"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/2303"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/2663"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/wiki/ChangeLog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36384"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36392"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36401"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36402"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36708"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37071"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.debian.org/security/2009/dsa-1870"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/9615"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.pidgin.im/news/security/?id=34"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/2303"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/2663"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1218", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "pidgin-0:1.5.1-4.el3", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2009-08-18T00:00:00Z"}, {"advisory": "RHSA-2009:1218", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "pidgin-0:2.5.9-1.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2009-08-18T00:00:00Z"}, {"advisory": "RHSA-2009:1218", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "pidgin-0:2.5.9-1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-08-18T00:00:00Z"}], "bugzilla": {"description": "pidgin: insufficient input validation in msn_slplink_process_msg()", "id": "514957", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"}, "csaw": false, "cvss": {"cvss_base_score": "7.5", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-228->CWE-119", "details": ["The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376."], "mitigation": {"lang": "en:us", "value": "Users can lower the impact of this flaw by making sure their privacy settings only allow Pidgin to accept messages from the users on their buddy list. This will prevent exploitation of this flaw by other random MSN users."}, "name": "CVE-2009-2694", "public_date": "2009-08-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-2694\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-2694"], "threat_severity": "Critical"}

{}