CVE-2009-2694 - Vulnerability Details

Vendors	Products
Adium	Adium
Pidgin	Pidgin
Redhat	Enterprise Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 3
pidgin-0:1.5.1-4.el3	cpe:/o:redhat:enterprise_linux:3	RHSA-2009:1218	2009-08-18T00:00:00Z
Red Hat Enterprise Linux 4
pidgin-0:2.5.9-1.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:1218	2009-08-18T00:00:00Z
Red Hat Enterprise Linux 5
pidgin-0:2.5.9-1.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:1218	2009-08-18T00:00:00Z

Link	Providers
http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e
http://developer.pidgin.im/wiki/ChangeLog
http://secunia.com/advisories/36384
http://secunia.com/advisories/36392
http://secunia.com/advisories/36401
http://secunia.com/advisories/36402
http://secunia.com/advisories/36708
http://secunia.com/advisories/37071
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1
http://www.coresecurity.com/content/libpurple-arbitrary-write
http://www.debian.org/security/2009/dsa-1870
http://www.exploit-db.com/exploits/9615
http://www.pidgin.im/news/security/?id=34
http://www.vupen.com/english/advisories/2009/2303
http://www.vupen.com/english/advisories/2009/2663
https://bugzilla.redhat.com/show_bug.cgi?id=514957
https://nvd.nist.gov/vuln/detail/CVE-2009-2694
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320
https://rhn.redhat.com/errata/RHSA-2009-1218.html
https://www.cve.org/CVERecord?id=CVE-2009-2694

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-08-18T00:00:00", "descriptions": [{"lang": "en", "value": "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"}, {"name": "ADV-2009-2303", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2303"}, {"name": "36392", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36392"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.pidgin.im/news/security/?id=34"}, {"name": "oval:org.mitre.oval:def:6320", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320"}, {"tags": ["x_refsource_MISC"], "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write"}, {"name": "36402", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36402"}, {"name": "266908", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e"}, {"name": "36384", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36384"}, {"name": "DSA-1870", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1870"}, {"name": "37071", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37071"}, {"name": "36708", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36708"}, {"name": "ADV-2009-2663", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2663"}, {"name": "oval:org.mitre.oval:def:10319", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"}, {"name": "36401", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36401"}, {"name": "9615", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/9615"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://developer.pidgin.im/wiki/ChangeLog"}, {"name": "RHSA-2009:1218", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2694", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=514957", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"}, {"name": "ADV-2009-2303", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2303"}, {"name": "36392", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36392"}, {"name": "http://www.pidgin.im/news/security/?id=34", "refsource": "CONFIRM", "url": "http://www.pidgin.im/news/security/?id=34"}, {"name": "oval:org.mitre.oval:def:6320", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320"}, {"name": "http://www.coresecurity.com/content/libpurple-arbitrary-write", "refsource": "MISC", "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write"}, {"name": "36402", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36402"}, {"name": "266908", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"}, {"name": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e"}, {"name": "36384", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36384"}, {"name": "DSA-1870", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1870"}, {"name": "37071", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37071"}, {"name": "36708", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36708"}, {"name": "ADV-2009-2663", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2663"}, {"name": "oval:org.mitre.oval:def:10319", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"}, {"name": "36401", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36401"}, {"name": "9615", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9615"}, {"name": "http://developer.pidgin.im/wiki/ChangeLog", "refsource": "CONFIRM", "url": "http://developer.pidgin.im/wiki/ChangeLog"}, {"name": "RHSA-2009:1218", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:59:56.847Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"}, {"name": "ADV-2009-2303", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/2303"}, {"name": "36392", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36392"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.pidgin.im/news/security/?id=34"}, {"name": "oval:org.mitre.oval:def:6320", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write"}, {"name": "36402", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36402"}, {"name": "266908", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e"}, {"name": "36384", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36384"}, {"name": "DSA-1870", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1870"}, {"name": "37071", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37071"}, {"name": "36708", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36708"}, {"name": "ADV-2009-2663", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/2663"}, {"name": "oval:org.mitre.oval:def:10319", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"}, {"name": "36401", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36401"}, {"name": "9615", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/9615"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://developer.pidgin.im/wiki/ChangeLog"}, {"name": "RHSA-2009:1218", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2694", "datePublished": "2009-08-20T22:00:00", "dateReserved": "2009-08-05T00:00:00", "dateUpdated": "2024-08-07T05:59:56.847Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2009-08-18T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-09-18T12:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=514957 (string)

}

1 : { »

name : ADV-2009-2303 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2009/2303 (string)

}

2 : { »

name : 36392 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/36392 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.pidgin.im/news/security/?id=34 (string)

}

4 : { »

name : oval:org.mitre.oval:def:6320 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320 (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://www.coresecurity.com/content/libpurple-arbitrary-write (string)

}

6 : { »

name : 36402 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/36402 (string)

}

7 : { »

name : 266908 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUNALERT (string)

]

url : http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1 (string)

}

8 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e (string)

}

9 : { »

name : 36384 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/36384 (string)

}

10 : { »

name : DSA-1870 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2009/dsa-1870 (string)

}

11 : { »

name : 37071 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/37071 (string)

}

12 : { »

name : 36708 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/36708 (string)

}

13 : { »

name : ADV-2009-2663 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2009/2663 (string)

}

14 : { »

name : oval:org.mitre.oval:def:10319 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319 (string)

}

15 : { »

name : 36401 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/36401 (string)

}

16 : { »

name : 9615 (string)

tags : [ »

0 : exploit (string)

1 : x_refsource_EXPLOIT-DB (string)

]

url : http://www.exploit-db.com/exploits/9615 (string)

}

17 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://developer.pidgin.im/wiki/ChangeLog (string)

}

18 : { »

name : RHSA-2009:1218 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://rhn.redhat.com/errata/RHSA-2009-1218.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2009-2694 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://bugzilla.redhat.com/show_bug.cgi?id=514957 (string)

refsource : CONFIRM (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=514957 (string)

}

1 : { »

name : ADV-2009-2303 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2009/2303 (string)

}

2 : { »

name : 36392 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/36392 (string)

}

3 : { »

name : http://www.pidgin.im/news/security/?id=34 (string)

refsource : CONFIRM (string)

url : http://www.pidgin.im/news/security/?id=34 (string)

}

4 : { »

name : oval:org.mitre.oval:def:6320 (string)

refsource : OVAL (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320 (string)

}

5 : { »

name : http://www.coresecurity.com/content/libpurple-arbitrary-write (string)

refsource : MISC (string)

url : http://www.coresecurity.com/content/libpurple-arbitrary-write (string)

}

6 : { »

name : 36402 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/36402 (string)

}

7 : { »

name : 266908 (string)

refsource : SUNALERT (string)

url : http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1 (string)

}

8 : { »

name : http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e (string)

refsource : CONFIRM (string)

url : http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e (string)

}

9 : { »

name : 36384 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/36384 (string)

}

10 : { »

name : DSA-1870 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2009/dsa-1870 (string)

}

11 : { »

name : 37071 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/37071 (string)

}

12 : { »

name : 36708 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/36708 (string)

}

13 : { »

name : ADV-2009-2663 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2009/2663 (string)

}

14 : { »

name : oval:org.mitre.oval:def:10319 (string)

refsource : OVAL (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319 (string)

}

15 : { »

name : 36401 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/36401 (string)

}

16 : { »

name : 9615 (string)

refsource : EXPLOIT-DB (string)

url : http://www.exploit-db.com/exploits/9615 (string)

}

17 : { »

name : http://developer.pidgin.im/wiki/ChangeLog (string)

refsource : CONFIRM (string)

url : http://developer.pidgin.im/wiki/ChangeLog (string)

}

18 : { »

name : RHSA-2009:1218 (string)

refsource : REDHAT (string)

url : https://rhn.redhat.com/errata/RHSA-2009-1218.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T05:59:56.847Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=514957 (string)

}

1 : { »

name : ADV-2009-2303 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2009/2303 (string)

}

2 : { »

name : 36392 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/36392 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.pidgin.im/news/security/?id=34 (string)

}

4 : { »

name : oval:org.mitre.oval:def:6320 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

3 : x_transferred (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320 (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://www.coresecurity.com/content/libpurple-arbitrary-write (string)

}

6 : { »

name : 36402 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/36402 (string)

}

7 : { »

name : 266908 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUNALERT (string)

2 : x_transferred (string)

]

url : http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1 (string)

}

8 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e (string)

}

9 : { »

name : 36384 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/36384 (string)

}

10 : { »

name : DSA-1870 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2009/dsa-1870 (string)

}

11 : { »

name : 37071 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/37071 (string)

}

12 : { »

name : 36708 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/36708 (string)

}

13 : { »

name : ADV-2009-2663 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2009/2663 (string)

}

14 : { »

name : oval:org.mitre.oval:def:10319 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

3 : x_transferred (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319 (string)

}

15 : { »

name : 36401 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/36401 (string)

}

16 : { »

name : 9615 (string)

tags : [ »

0 : exploit (string)

1 : x_refsource_EXPLOIT-DB (string)

2 : x_transferred (string)

]

url : http://www.exploit-db.com/exploits/9615 (string)

}

17 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://developer.pidgin.im/wiki/ChangeLog (string)

}

18 : { »

name : RHSA-2009:1218 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://rhn.redhat.com/errata/RHSA-2009-1218.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2009-2694 (string)

datePublished : 2009-08-20T22:00:00 (string)

dateReserved : 2009-08-05T00:00:00 (string)

dateUpdated : 2024-08-07T05:59:56.847Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adium:adium:*:*:*:*:*:*:*:*", "matchCriteriaId": "01CB5803-0C03-4EC5-B865-8760B1231267", "versionEndIncluding": "1.3.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:adium:adium:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "45233B3A-A3A1-45C0-A9F4-548B076742F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:adium:adium:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A6B5D964-9F9C-4EE0-AF9F-4FE64935D8AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adium:adium:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5FAFC986-0E07-48D7-9B67-66B65CAA9AE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adium:adium:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EFA83F88-808F-4D8B-A33D-16994C9074A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:adium:adium:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3779F8B3-15A9-4FBC-9176-B9B3CAB39DE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adium:adium:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D2A75801-F3AD-49E5-B981-6158E9B8F598", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "matchCriteriaId": "7396CE73-35C6-4F72-8F1F-16D8B7E0C029", "versionEndIncluding": "2.5.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376."}, {"lang": "es", "value": "La funci\u00f3n msn_slplink_process_msg en libpurple/protocols/msn/slplink.c en libpurple, tal como se usa en Pidgin (anteriormente Gaim) en versiones anteriores a la 2.5.9 y Adium 1.3.5 y versiones anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) mediante el env\u00edo de m\u00faltiples mensajes SLP (alias MSNSLP) manipulados para disparar una sobreescritura de una zona de memoria de su elecci\u00f3n. NOTA: esta vulnerabilidad reportada est\u00e1 causada por una reparaci\u00f3n incompleta de CVE-2009-1376."}], "id": "CVE-2009-2694", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-21T11:02:41.890", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e"}, {"source": "cve@mitre.org", "url": "http://developer.pidgin.im/wiki/ChangeLog"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36384"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36392"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36401"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/36402"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/36708"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/37071"}, {"source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.debian.org/security/2009/dsa-1870"}, {"source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/9615"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.pidgin.im/news/security/?id=34"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/2303"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/2663"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.pidgin.im/wiki/ChangeLog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36384"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36392"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36401"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36402"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36708"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37071"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.coresecurity.com/content/libpurple-arbitrary-write"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.debian.org/security/2009/dsa-1870"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/9615"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.pidgin.im/news/security/?id=34"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/2303"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/2663"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:adium:adium:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 01CB5803-0C03-4EC5-B865-8760B1231267 (string)

versionEndIncluding : 1.3.5 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:adium:adium:1.2.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 45233B3A-A3A1-45C0-A9F4-548B076742F9 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:adium:adium:1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : A6B5D964-9F9C-4EE0-AF9F-4FE64935D8AC (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:adium:adium:1.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 5FAFC986-0E07-48D7-9B67-66B65CAA9AE0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:adium:adium:1.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : EFA83F88-808F-4D8B-A33D-16994C9074A6 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:adium:adium:1.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 3779F8B3-15A9-4FBC-9176-B9B3CAB39DE0 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:adium:adium:1.3.4:*:*:*:*:*:*:* (string)

matchCriteriaId : D2A75801-F3AD-49E5-B981-6158E9B8F598 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7396CE73-35C6-4F72-8F1F-16D8B7E0C029 (string)

versionEndIncluding : 2.5.8 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : DBC2EBF3-73A7-4542-8E9C-47A4241A224C (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : AF62072D-4956-4FE6-931E-E6EE9C49F3E7 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 6499D8D5-0801-498C-BD4D-508506918CEF (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 73CC76CD-FF35-4B3A-9F1E-4E5A65963057 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : F694A1FC-2F10-48F9-8E8D-C88A8E7397AA (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 59E216BC-29E4-4C31-9CF0-DE22C2E84968 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 1BD203F7-B983-4FDD-9837-D68D4F388A4F (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 9C8E3CBA-2B33-49EF-9105-8DDBB938F519 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 72AA3282-CA7D-438C-A07C-A63392333630 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : BEEFF420-2868-422B-BD22-9A5749C2398F (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : B139D83D-7D18-42C7-988C-2070B66CB943 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 047D9636-BCCE-4956-B5A3-D276F1C2EF2D (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 5A8A794E-E1CB-4F0F-9739-D625E94EA566 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : E64EEEA0-89CE-46BD-B387-A96521E76A6B (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:* (string)

matchCriteriaId : F6E96AA3-B567-4E97-979A-D97A4F786D55 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 09C407C0-99A2-477B-87CF-6BE9F7B367E7 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:* (string)

matchCriteriaId : EBEF0457-39D8-465B-86A7-8DFA44A1F820 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:* (string)

matchCriteriaId : E39468D5-1378-4441-B927-5C34C85B18AB (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:* (string)

matchCriteriaId : C80012AD-8F49-4287-8AEC-C21AC5774CA9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376. (string)

}

1 : { »

lang : es (string)

value : La función msn_slplink_process_msg en libpurple/protocols/msn/slplink.c en libpurple, tal como se usa en Pidgin (anteriormente Gaim) en versiones anteriores a la 2.5.9 y Adium 1.3.5 y versiones anteriores, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) mediante el envío de múltiples mensajes SLP (alias MSNSLP) manipulados para disparar una sobreescritura de una zona de memoria de su elección. NOTA: esta vulnerabilidad reportada está causada por una reparación incompleta de CVE-2009-1376. (string)

}

]

id : CVE-2009-2694 (string)

lastModified : 2025-04-09T00:30:58.490 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 10 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 10 (number)

obtainAllPrivilege : true (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2009-08-21T11:02:41.890 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

]

url : http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://developer.pidgin.im/wiki/ChangeLog (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/36384 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/36392 (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/36401 (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://secunia.com/advisories/36402 (string)

}

6 : { »

source : cve@mitre.org (string)

url : http://secunia.com/advisories/36708 (string)

}

7 : { »

source : cve@mitre.org (string)

url : http://secunia.com/advisories/37071 (string)

}

8 : { »

source : cve@mitre.org (string)

url : http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1 (string)

}

9 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

]

url : http://www.coresecurity.com/content/libpurple-arbitrary-write (string)

}

10 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

]

url : http://www.debian.org/security/2009/dsa-1870 (string)

}

11 : { »

source : cve@mitre.org (string)

url : http://www.exploit-db.com/exploits/9615 (string)

}

12 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.pidgin.im/news/security/?id=34 (string)

}

13 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.vupen.com/english/advisories/2009/2303 (string)

}

14 : { »

source : cve@mitre.org (string)

url : http://www.vupen.com/english/advisories/2009/2663 (string)

}

15 : { »

source : cve@mitre.org (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=514957 (string)

}

16 : { »

source : cve@mitre.org (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319 (string)

}

17 : { »

source : cve@mitre.org (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320 (string)

}

18 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://rhn.redhat.com/errata/RHSA-2009-1218.html (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://developer.pidgin.im/wiki/ChangeLog (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/36384 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/36392 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/36401 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/36402 (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/36708 (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/37071 (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1 (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

]

url : http://www.coresecurity.com/content/libpurple-arbitrary-write (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : http://www.debian.org/security/2009/dsa-1870 (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.exploit-db.com/exploits/9615 (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.pidgin.im/news/security/?id=34 (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.vupen.com/english/advisories/2009/2303 (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.vupen.com/english/advisories/2009/2663 (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=514957 (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319 (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320 (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://rhn.redhat.com/errata/RHSA-2009-1218.html (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-399 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2009:1218", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "pidgin-0:1.5.1-4.el3", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2009-08-18T00:00:00Z"}, {"advisory": "RHSA-2009:1218", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "pidgin-0:2.5.9-1.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2009-08-18T00:00:00Z"}, {"advisory": "RHSA-2009:1218", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "pidgin-0:2.5.9-1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-08-18T00:00:00Z"}], "bugzilla": {"description": "pidgin: insufficient input validation in msn_slplink_process_msg()", "id": "514957", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"}, "csaw": false, "cvss": {"cvss_base_score": "7.5", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-228->CWE-119", "details": ["The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376."], "mitigation": {"lang": "en:us", "value": "Users can lower the impact of this flaw by making sure their privacy settings only allow Pidgin to accept messages from the users on their buddy list.  This will prevent exploitation of this flaw by other random MSN users."}, "name": "CVE-2009-2694", "public_date": "2009-08-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-2694\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-2694"], "threat_severity": "Critical"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2009:1218 (string)

cpe : cpe:/o:redhat:enterprise_linux:3 (string)

package : pidgin-0:1.5.1-4.el3 (string)

product_name : Red Hat Enterprise Linux 3 (string)

release_date : 2009-08-18T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2009:1218 (string)

cpe : cpe:/o:redhat:enterprise_linux:4 (string)

package : pidgin-0:2.5.9-1.el4 (string)

product_name : Red Hat Enterprise Linux 4 (string)

release_date : 2009-08-18T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2009:1218 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

package : pidgin-0:2.5.9-1.el5 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2009-08-18T00:00:00Z (string)

}

]

bugzilla : { »

description : pidgin: insufficient input validation in msn_slplink_process_msg() (string)

id : 514957 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=514957 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 7.5 (string)

cvss_scoring_vector : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

status : verified (string)

}

cwe : CWE-228->CWE-119 (string)

details : [ »

0 : The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376. (string)

]

mitigation : { »

lang : en:us (string)

value : Users can lower the impact of this flaw by making sure their privacy settings only allow Pidgin to accept messages from the users on their buddy list. This will prevent exploitation of this flaw by other random MSN users. (string)

}

name : CVE-2009-2694 (string)

public_date : 2009-08-18T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2009-2694 https://nvd.nist.gov/vuln/detail/CVE-2009-2694 (string)

]

threat_severity : Critical (string)

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object