Pidgin < 2.5.9 'msn_slplink_process_msg()' Memory Corruption

High Nessus Plugin ID 40663


The remote host has an instant messaging client that is affected by a memory corruption vulnerability.


The version of Pidgin installed on the remote host is earlier than 2.5.9. Such versions are reportedly affected by a vulnerability in 'msn_slplink_process_msg()'. Maliciously crafted MSN SLP messages can result in memory corruption. A remote attacker could use this to crash the client, or execute arbitrary code.

This attack does not require user interaction or that the attacker is in the victim's buddy list (using the default configuration).


Upgrade to Pidgin 2.5.9 or later.

See Also

Plugin Details

Severity: High

ID: 40663

File Name: pidgin_2_5_9.nasl

Version: $Revision: 1.9 $

Type: local

Agent: windows

Family: Windows

Published: 2009/08/20

Modified: 2016/11/17

Dependencies: 34205

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:pidgin:pidgin

Required KB Items: SMB/Pidgin/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/08/18

Vulnerability Publication Date: 2009/08/18

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-2694

BID: 36071

OSVDB: 54647

Secunia: 36384

CWE: 399