CVE-2010-0423 - Vulnerability Details

- pidgin: Smiley Denial of Service

Description

gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.

Published: 2010-02-24

Score: 5.0 Medium

EPSS: 8.8% Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:pidgin:pidgin::::::::
	cpe:2.3:a:pidgin:pidgin:2.0.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.0.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.0.2:::::::*
	cpe:2.3:a:pidgin:pidgin:2.1.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.1.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.2.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.2.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.2.2:::::::*
	cpe:2.3:a:pidgin:pidgin:2.3.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.3.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.4.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.4.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.4.2:::::::*
	cpe:2.3:a:pidgin:pidgin:2.4.3:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.2:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.3:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.4:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.5:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.6:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.7:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.8:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.9:::::::*
	cpe:2.3:a:pidgin:pidgin:2.6.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.6.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.6.2:::::::*
	cpe:2.3:a:pidgin:pidgin:2.6.4:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 4
pidgin-0:2.6.6-1.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2010:0115	2010-02-18T00:00:00Z
Red Hat Enterprise Linux 5
pidgin-0:2.6.6-1.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2010:0115	2010-02-18T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-2038-1	New pidgin packages fix denial of service
Debian DSA	DSA-2038-2	New pidgin packages fix regression
Debian DSA	DSA-2038-3	New pidgin packages fix regression
EUVD	EUVD-2010-0454	gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.
Ubuntu USN	USN-902-1	Pidgin vulnerabilities

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.08804.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://developer.pidgin.im/wiki/ChangeLog
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
http://pidgin.im/news/security/?id=45
http://secunia.com/advisories/38563
http://secunia.com/advisories/38640
http://secunia.com/advisories/38658
http://secunia.com/advisories/38712
http://secunia.com/advisories/38915
http://secunia.com/advisories/39509
http://www.debian.org/security/2010/dsa-2038
http://www.mandriva.com/security/advisories?name=MDVSA-2010:041
http://www.mandriva.com/security/advisories?name=MDVSA-2010:085
http://www.osvdb.org/62440
http://www.securityfocus.com/bid/38294
http://www.ubuntu.com/usn/USN-902-1
http://www.vupen.com/english/advisories/2010/0413
http://www.vupen.com/english/advisories/2010/0914
http://www.vupen.com/english/advisories/2010/1020
https://bugzilla.redhat.com/show_bug.cgi?id=565792
https://exchange.xforce.ibmcloud.com/vulnerabilities/56394
https://nvd.nist.gov/vuln/detail/CVE-2010-0423
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17554
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9842
https://rhn.redhat.com/errata/RHSA-2010-0115.html
https://www.cve.org/CVERecord?id=CVE-2010-0423

History

No history.

Subscriptions

Pidgin Pidgin

Redhat Enterprise Linux

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-02-24T18:00:00.000Z

Updated: 2024-08-07T00:45:12.274Z

Reserved: 2010-01-27T00:00:00.000Z

Link: CVE-2010-0423

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-02-24T18:30:00.530

Modified: 2026-04-29T01:13:23.040

Link: CVE-2010-0423

Redhat

Severity : Low

Publid Date: 2010-02-18T00:00:00Z

Links: CVE-2010-0423 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-399

Tracking

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object