header-logo
Suggest Exploit
vendor:
Pidgin
by:
SecurityFocus
7.5
CVSS
HIGH
Denial-of-Service
20
CWE
Product Name: Pidgin
Affected Version From: 2.4.2001
Affected Version To: 2.4.2001
Patch Exists: YES
Related CWE: N/A
CPE: pidgin
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Pidgin Denial-of-Service Vulnerability

Pidgin is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will cause the affected application to crash, effectively denying service to legitimate users. Sending a filename that contains the maximum number of allowable characters and that includes the characters defined by the hex data below will crash the application: '26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85'

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/33414/info

Pidgin is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

Successful exploits will cause the affected application to crash, effectively denying service to legitimate users.

Pidgin 2.4.1 is vulnerable; other versions may also be affected.

NOTE: This issue was previously thought to be a subset of the vulnerability documented in BID 29956 (Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities), but has been given its own record to properly document the vulnerability. 

Sending a filename that contains the maximum number of allowable characters and that includes the characters defined by the hex data below will crash the application.

'26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85'