CVE-2009-1373

Pidgin < 2.5.6 - Authenticated Remote Code Execution via XMPP SOCKS5 Bytestream Overflow

Title source: llm
STIX 2.1

Description

Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.

References (25)

Core 25
Core References
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1060.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-781-2
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1059.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35067
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35329
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-781-1
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722
Third Party Advisory vendor-advisory x_refsource_debian
http://debian.org/security/2009/dsa-1805
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:140
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35294
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=500488
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35188
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50682
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35194
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35202
Patch, Vendor Advisory x_refsource_confirm
http://www.pidgin.im/news/security/?id=29
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35215
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1396
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35330
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:173

Scores

EPSS 0.0427
EPSS Percentile 90.0%

Details

CWE
CWE-119
Status published
Products (20)
pidgin/pidgin 2.0.0
pidgin/pidgin 2.0.1
pidgin/pidgin 2.0.2 (2 CPE variants)
pidgin/pidgin 2.1.0
pidgin/pidgin 2.1.1
pidgin/pidgin 2.2.0
pidgin/pidgin 2.2.1
pidgin/pidgin 2.2.2
pidgin/pidgin 2.3.0
pidgin/pidgin 2.3.1
... and 10 more
Published May 26, 2009
Tracked Since Feb 18, 2026