CVE-2009-1373
Pidgin < 2.5.6 - Authenticated Remote Code Execution via XMPP SOCKS5 Bytestream Overflow
Title source: llmDescription
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.
References (25)
Core 25
Core References
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1060.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-781-2
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1059.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35067
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35329
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-781-1
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722
Third Party Advisory vendor-advisory
x_refsource_debian
http://debian.org/security/2009/dsa-1805
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:140
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35294
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=500488
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35188
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50682
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35194
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35202
Patch, Vendor Advisory x_refsource_confirm
http://www.pidgin.im/news/security/?id=29
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35215
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1396
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35330
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:173
Scores
EPSS
0.0427
EPSS Percentile
90.0%
Details
CWE
CWE-119
Status
published
Products (20)
pidgin/pidgin
2.0.0
pidgin/pidgin
2.0.1
pidgin/pidgin
2.0.2 (2 CPE variants)
pidgin/pidgin
2.1.0
pidgin/pidgin
2.1.1
pidgin/pidgin
2.2.0
pidgin/pidgin
2.2.1
pidgin/pidgin
2.2.2
pidgin/pidgin
2.3.0
pidgin/pidgin
2.3.1
... and 10 more
Published
May 26, 2009
Tracked Since
Feb 18, 2026