Pidgin < 2.5.6 Multiple Buffer Overflow Vulnerabilities
High Nessus Network Monitor Plugin ID 5032
SynopsisThe remote host is affected by multiple remote buffer overflow vulnerabilities.
DescriptionThe remote host is running Pidgin earlier than 2.5.6. Such versions are reportedly affected by multiple remote buffer overflow vulnerabilities :
- A buffer overflow issue in the 'decrypt_out()' function can be exploited through specially crafted 'QQ' packets. (CVE-2009-1374)
- A buffer maintained by PurpleCircBuffer which is used by XMPP and Sametime protocol plugins can be corrupted if it's exactly full and then more bytes are added to it. (CVE-2009-1375)
- A buffer overflow is possible when initiating a file transfer to a malicious buddy over XMPP. (CVE-2009-1373)
- An integer-overflow issue exists in the application due to a n incorrect typecasting of 'int64' to 'size_t'. (CVE-2009-1376)
Successful exploitation could allow an attacker to execute arbitrary code on the remote host.
SolutionUpgrade to Pidgin 2.5.6 or later.