Vulnerability Details : CVE-2009-1373
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.
Vulnerability category: Overflow; Execute code
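The description above names the bug class (an overflow in the SOCKS5 bytestream server that handles an outbound XMPP file transfer) but carries no code. What follows is an added illustration written for this page. It is not Pidgin's or libpurple's source and does not claim to reproduce the exact defect that was fixed in 2.5.6: it is a defensive parser for the SOCKS5 CONNECT request an XMPP SOCKS5 bytestream (XEP-0065) server receives, in which the peer-controlled DST.ADDR length byte is checked against the fixed destination buffer and against the bytes actually received before anything is copied. The wire layout follows RFC 1928 and XEP-0065 (ATYP 0x03, a 40-hex-character SHA-1 as DST.ADDR, DST.PORT 0); the function and type names, the status codes and the sample requests are constructed for this example.

```c
/* Added illustration, not Pidgin/libpurple code: defensively parsing the
 * SOCKS5 CONNECT request an XMPP SOCKS5 bytestream (XEP-0065) server gets.
 *
 * Wire format (RFC 1928):  VER CMD RSV ATYP DST.ADDR DST.PORT
 * XEP-0065 uses ATYP 0x03 (domain name): one length byte, then the 40 hex
 * characters of SHA-1(SID + initiator JID + target JID), then a two-byte
 * DST.PORT that must be 0.
 *
 * The unsafe pattern behind this bug class is to take the length byte at
 * buf[4] and memcpy() that many bytes into a fixed char dst_addr[40]
 * without comparing it to the destination size or the bytes received.
 * Every copy below is preceded by the checks that pattern skips.
 */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XEP65_ADDR_LEN 40   /* hex-encoded SHA-1 */

enum socks5_parse_status {
    SOCKS5_OK = 0,
    SOCKS5_NEED_MORE = 1,   /* request not complete yet; keep reading */
    SOCKS5_BAD_HEADER = -1, /* wrong VER/CMD/RSV/ATYP */
    SOCKS5_BAD_LENGTH = -2, /* length byte cannot be a XEP-0065 hash */
    SOCKS5_BAD_ADDR = -3,   /* DST.ADDR is not 40 hex characters */
    SOCKS5_BAD_PORT = -4    /* XEP-0065 requires DST.PORT == 0 */
};

struct socks5_connect {
    char dst_addr[XEP65_ADDR_LEN + 1]; /* NUL-terminated copy of the hash */
    uint16_t dst_port;
    size_t consumed;                   /* input bytes making up the request */
};

enum socks5_parse_status
socks5_parse_connect(const uint8_t *buf, size_t len, struct socks5_connect *out)
{
    size_t addr_len, need, i;

    memset(out, 0, sizeof(*out));

    /* 1. Never read a field before the bytes holding it have arrived. */
    if (len < 5)
        return SOCKS5_NEED_MORE;
    if (buf[0] != 0x05 || buf[1] != 0x01 || buf[2] != 0x00 || buf[3] != 0x03)
        return SOCKS5_BAD_HEADER;

    /* 2. Bound the peer-supplied length by OUR buffer before anything else.
     *    255 bytes of DST.ADDR is legal SOCKS5 but never a XEP-0065 hash. */
    addr_len = buf[4];
    if (addr_len != XEP65_ADDR_LEN)
        return SOCKS5_BAD_LENGTH;

    /* 3. Only now wait for the rest: header + DST.ADDR + 2-byte DST.PORT. */
    need = 5 + addr_len + 2;
    if (len < need)
        return SOCKS5_NEED_MORE;

    /* 4. Copy exactly addr_len bytes into a buffer known to hold them. */
    memcpy(out->dst_addr, buf + 5, addr_len);
    out->dst_addr[addr_len] = '\0';
    for (i = 0; i < addr_len; i++)
        if (!isxdigit((unsigned char)out->dst_addr[i]))
            return SOCKS5_BAD_ADDR;

    out->dst_port = (uint16_t)((buf[5 + addr_len] << 8) | buf[6 + addr_len]);
    if (out->dst_port != 0)
        return SOCKS5_BAD_PORT;

    out->consumed = need;
    return SOCKS5_OK;
}

/* Constructed sample requests (the hash value is arbitrary). */
static const uint8_t sample_good[] = {
    0x05, 0x01, 0x00, 0x03, 40,
    'd','a','3','9','a','3','e','e','5','e','6','b','4','b','0','d','3','2','5','5',
    'b','f','e','f','9','5','6','0','1','8','9','0','a','f','d','8','0','7','0','9',
    0x00, 0x00
};
/* Length byte claims 200 bytes of DST.ADDR: naive code would memcpy() 200
 * bytes into a 40-byte buffer; here it is rejected before any copy. */
static const uint8_t sample_oversize[] = { 0x05, 0x01, 0x00, 0x03, 200, 'A', 'A' };

int main(void)
{
    struct socks5_connect c;
    int rc = socks5_parse_connect(sample_good, sizeof sample_good, &c);

    printf("good:     %d (addr=%s port=%u)\n", rc, c.dst_addr, (unsigned)c.dst_port);
    printf("oversize: %d\n",
           socks5_parse_connect(sample_oversize, sizeof sample_oversize, &c));
    printf("partial:  %d\n", socks5_parse_connect(sample_good, 20, &c));
    return 0;
}
```

Two design points matter for a server that reads the request from a socket in fragments. The length byte is compared with the receiver's own buffer size as soon as it is available, so an oversized value is refused before the code waits for (and buffers) the bytes it announces; and the copy only happens once `5 + len + 2` bytes are in hand, so a short read never causes data beyond the received bytes to be consumed.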
Products affected by CVE-2009-1373
- cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1373
EPSS score: 5.77% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~90% (the proportion of scored vulnerabilities with an EPSS score at or below this one)
CVSS scores for CVE-2009-1373
Base Score | Base Severity | CVSS Vector (v2) | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.1 | HIGH | AV:N/AC:H/Au:S/C:C/I:C/A:C | 3.9 | 10.0 | NIST |
CWE ids for CVE-2009-1373
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1373
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50682 : IBM X-Force, "Pidgin XMPP SOCKS5 buffer overflow CVE-2009-1373 Vulnerability Report"
- http://secunia.com/advisories/35294 : Secunia advisory 35294
- http://www.ubuntu.com/usn/USN-781-2 : Ubuntu, "USN-781-2: Gaim vulnerabilities"
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:173 : Mandriva advisory MDVSA-2009:173
- https://bugzilla.redhat.com/show_bug.cgi?id=500488 : Red Hat Bugzilla 500488, "CVE-2009-1373 pidgin file transfer buffer overflow"
- http://secunia.com/advisories/35202 : Secunia advisory 35202 [Vendor Advisory]
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html : "[SECURITY] Fedora 10 Update: pidgin-2.5.6-1.fc10"
- http://www.pidgin.im/news/security/?id=29 : Pidgin security advisory 29 [Patch; Vendor Advisory]
- http://www.securityfocus.com/bid/35067 : SecurityFocus BID 35067 [Patch]
- http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml : Gentoo, "Pidgin: Multiple vulnerabilities (GLSA 200905-07)"
- http://secunia.com/advisories/35329 : Secunia advisory 35329
- http://www.vupen.com/english/advisories/2009/1396 : VUPEN advisory 2009/1396
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:140 : Mandriva advisory MDVSA-2009:140
- http://debian.org/security/2009/dsa-1805 : Debian, "[SECURITY] [DSA 1805-1] New pidgin packages fix several vulnerabilities"
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html : "[SECURITY] Fedora 11 Update: pidgin-2.5.6-1.fc11"
- http://www.redhat.com/support/errata/RHSA-2009-1060.html : Red Hat errata RHSA-2009:1060
- http://secunia.com/advisories/35188 : Secunia advisory 35188
- http://www.redhat.com/support/errata/RHSA-2009-1059.html : Red Hat errata RHSA-2009:1059
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html : "[SECURITY] Fedora 9 Update: pidgin-2.5.6-1.fc9"
- http://www.ubuntu.com/usn/USN-781-1 : Ubuntu, "USN-781-1: Pidgin vulnerabilities"
- http://secunia.com/advisories/35194 : Secunia advisory 35194 [Vendor Advisory]
- http://secunia.com/advisories/35330 : Secunia advisory 35330
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005 : OVAL definition oval:org.mitre.oval:def:9005
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722 : OVAL definition oval:org.mitre.oval:def:17722
- http://secunia.com/advisories/35215 : Secunia advisory 35215