Pidgin HTML Processing Remote Denial Of Service Vulnerability
BID:26205
Info
| Bugtraq ID: | 26205 |
| Class: | Design Error |
| CVE: | CVE-2007-4999 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 24 2007 12:00AM |
| Updated: | Dec 18 2007 08:05PM |
| Credit: | Jeffrey Rosen discovered this issue. |
| Vulnerable: | Ubuntu Ubuntu Linux 7.10 sparc; Ubuntu Ubuntu Linux 7.10 powerpc; Ubuntu Ubuntu Linux 7.10 i386; Ubuntu Ubuntu Linux 7.10 amd64; Redhat Fedora Core7; Pidgin Pidgin 2.2.1; Pidgin Pidgin 2.2; Pidgin Pidgin 2.1; Foresight Linux Foresight Linux 1.1 |
| Not Vulnerable: | Pidgin Pidgin 2.2.2 |
Discussion
Pidgin is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted HTML messages.
Attackers can exploit this issue to crash the application, denying service to legitimate users.
Versions prior to Pidgin 2.2.2 are vulnerable.
Exploit / POC
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor released Pidgin 2.2.2 to address this issue. Please see the references for more information.
Pidgin Pidgin 2.2.1
- Pidgin Pidgin 2.2.2 (Fedora 4, 5, 6)
  http://rpm.pidgin.im/fedora/pidgin.repo
- Pidgin Pidgin 2.2.2 (Sources)
  http://downloads.sourceforge.net/pidgin/pidgin-2.2.2.tar.bz2
- Pidgin Pidgin 2.2.2 (Windows)
  http://downloads.sourceforge.net/pidgin/pidgin-2.2.2.exe
References
References:
- Pidgin Homepage (Pidgin)
- NULL pointer dereference in parsing invalid HTML (Pidgin)