Description
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Pierre Nogues · remote · windows
https://www.exploit-db.com/exploits/9615
References (19)
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=514957
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2303
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36392
Vendor Advisory x_refsource_confirm
http://www.pidgin.im/news/security/?id=34
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320
Exploit x_refsource_misc
http://www.coresecurity.com/content/libpurple-arbitrary-write
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36402
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1
Patch x_refsource_confirm
http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36384
Patch vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1870
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37071
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36708
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2663
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36401
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/9615
Third Party Advisory x_refsource_confirm
http://developer.pidgin.im/wiki/ChangeLog
Vendor Advisory vendor-advisory
x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1218.html
Scores
EPSS
0.3471
EPSS Percentile
97.0%
Details
CWE
CWE-399
Status
published
Products (29)
adium/adium
1.2.7
adium/adium
1.3
adium/adium
1.3.1
adium/adium
1.3.2
adium/adium
1.3.3
adium/adium
1.3.4
adium/adium
< 1.3.5
pidgin/pidgin
2.0.0
pidgin/pidgin
2.0.1
pidgin/pidgin
2.0.2
... and 19 more
Published
Aug 21, 2009
Tracked Since
Feb 18, 2026