CVE-2010-2528
PUBLISHED
CVSS 4 MEDIUM
The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.
EPSS 2.08% · 84.3th percentile
Risk Scores
- CVSS 2.0: 4
- EPSS Score: 2.08% (84.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| pidgin | pidgin | 2.4.0, 2.0.2, 0 |
| n/a | n/a | n/a |
Timeline
- Jul 29, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- ADV-2010-1887 vdb
- SSA:2010-240-05 vendor-advisory
- http://developer.pidgin.im/viewmtn/revision/diff/fcb70f7c12120206d30ad33223ff85be7b226d1c/with/8e8ff246492e45af8f8d0808296d6f2906794dc0/libpurple/protocols/oscar/family_icbm.c url
- oval:org.mitre.oval:def:18359 vdb
- http://www.pidgin.im/news/security/index.php?id=47 url
- pidgin-xstatus-dos(60566) vdb
- 66506 vdb
- 40699 third-party-advisory
- 41881 vdb
- ADV-2010-2221 vdb
- http://developer.pidgin.im/viewmtn/revision/info/8e8ff246492e45af8f8d0808296d6f2906794dc0 url
- https://nvd.nist.gov/vuln/detail/CVE-2010-2528 advisory