CVE-2009-1889 Information

Feb 14, 2021 cve

Description

The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.

Reference

http://developer.pidgin.im/ticket/9483 http://pidgin.im/pipermail/devel/2009-May/008227.html http://secunia.com/advisories/35693 http://secunia.com/advisories/35697 http://secunia.com/advisories/35706 http://secunia.com/advisories/37071 http://www.redhat.com/support/errata/RHSA-2009-1139.html http://www.securityfocus.com/bid/35530 http://www.ubuntu.com/usn/USN-796-1 http://www.vupen.com/english/advisories/2009/1749 https://bugzilla.redhat.com/show_bug.cgi?id=508738 https://exchange.xforce.ibmcloud.com/vulnerabilities/51448 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10004 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00162.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00176.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00228.html

Share on: