Pidgin 2.4.2 - 'msn_slplink_process_msg()' Denial of Service

EDB-ID:

32749




Platform:

Linux

Date:

2009-01-26


source: https://www.securityfocus.com/bid/33414/info

Pidgin is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

Successful exploits will cause the affected application to crash, effectively denying service to legitimate users.

Pidgin 2.4.1 is vulnerable; other versions may also be affected.

NOTE: This issue was previously thought to be a subset of the vulnerability documented in BID 29956 (Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities), but has been given its own record to properly document the vulnerability. 

Sending a filename that contains the maximum number of allowable characters and that includes the characters defined by the hex data below will crash the application.

'26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85'