Fluid Attacks Database

Description

proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	pidgin	>=0 <2.10.4-1	2.10.4-1
debian 14	pidgin	>=0 <2.10.4-1	2.10.4-1
debian 11	pidgin	>=0 <2.10.4-1	2.10.4-1
debian 13	pidgin	>=0 <2.10.4-1	2.10.4-1

Aliases

1. CVE-2012-22142. NVD-2012-22143. OSV-DEBIAN-2012-22144. OSV-2012-22145. SECURITY-TRACKER-CVE-2012-2214

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.