SB2013021403 - Input validation error in pidgin (Alpine package)
Published: February 14, 2013
Security Bulletin ID
SB2013021403
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2013-0273)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=83f5ee7b322ae91d1bd84b4371340ce15b00d053
- https://git.alpinelinux.org/aports/commit/?id=7495cc8e168f583b2f1d5c26e3a167612f48180b
- https://git.alpinelinux.org/aports/commit/?id=75698847c89da429e623aa8da25455ea1c351fcd
- https://git.alpinelinux.org/aports/commit/?id=6d31d26f1f4b3c678c3dabf66c6e6317aaa31515