FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-0420

This CVE name corresponds to:

Entered Topic
2010-04-20 pidgin -- multiple remote denial of service vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2010-0420
Phase Assigned (20100127)

Description

libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.

References

Source Reference
CONFIRM http://developer.pidgin.im/wiki/ChangeLog
CONFIRM http://pidgin.im/news/security/?id=44
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=565786
DEBIAN DSA-2038
FEDORA FEDORA-2010-1279
FEDORA FEDORA-2010-1383
FEDORA FEDORA-2010-1934
MANDRIVA MDVSA-2010:041
MANDRIVA MDVSA-2010:085
REDHAT RHSA-2010:0115
SUSE SUSE-SR:2010:006
UBUNTU USN-902-1
BID 38294
OSVDB 62439
OVAL oval:org.mitre.oval:def:11485
OVAL oval:org.mitre.oval:def:18230
SECUNIA 38563
SECUNIA 38640
SECUNIA 38658
SECUNIA 38712
SECUNIA 38915
SECUNIA 39509
VUPEN ADV-2010-0413
VUPEN ADV-2010-1020
VUPEN ADV-2010-0914
XF pidgin-xmpp-nickname-dos(56399)