vendor:
Pidgin
by:
SecurityFocus
7.5
CVSS
HIGH
Denial-of-Service
20
CWE
Product Name: Pidgin
Affected Version From: 2.4.2001
Affected Version To: 2.4.2001
Patch Exists: YES
Related CWE: N/A
CPE: pidgin
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Pidgin Denial-of-Service Vulnerability
Pidgin is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will cause the affected application to crash, effectively denying service to legitimate users. Sending a filename that contains the maximum number of allowable characters and that includes the characters defined by the hex data below will crash the application: '26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85'
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized.