Fluid Attacks Database

Description

msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	pidgin	>=0 <2.10.4-1	2.10.4-1
debian 11	pidgin	>=0 <2.10.4-1	2.10.4-1
debian 14	pidgin	>=0 <2.10.4-1	2.10.4-1
debian 13	pidgin	>=0 <2.10.4-1	2.10.4-1
rpm rhel5	pidgin	<0:2.6.6-11.el5.4	0:2.6.6-11.el5.4
rpm rhel6	pidgin	<0:2.7.9-5.el6.2	0:2.7.9-5.el6.2

Aliases

1. CVE-2012-23182. NVD-2012-23183. OSV-DEBIAN-2012-23184. OSV-2012-23185. SECURITY-TRACKER-CVE-2012-2318

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.