CVE-2009-3083

Publication date 8 September 2009

Last updated 24 July 2024

The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pidgin	9.10 karmic	Not affected
	9.04 jaunty	Fixed 1:2.5.5-1ubuntu8.5
	8.10 intrepid	Fixed 1:2.5.2-0ubuntu1.6
	8.04 LTS hardy	Fixed 1:2.4.1-1ubuntu2.8
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
pidgin	Upstream: http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-886-1
Pidgin vulnerabilities
18 January 2010

Other references

http://pidgin.im/news/security/?id=39
https://www.cve.org/CVERecord?id=CVE-2009-3083