Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pidgin Libpurple库msn_slplink_process_msg()函数内存破坏漏洞
Vulnerability Description
Pidgin是一款跨平台的实时通信客户端,它支持多个常用的实时通信协议,用户可用同一个软件登录不同的实时通信服务。 Pidgin和其他一些即时消息客户端所使用的Libpurple库中存在内存破坏漏洞,远程攻击者可以通过向聊天客户端发送特制的MSNSLP报文触发这个漏洞,导致执行任意代码。 攻击需要发送两个连续的MSNSLP消息,第一个用于对slpmsg存储会话id,第二个用于触发漏洞,最终目标是到达msn_slplink_process_msg()中的memcpy()调用。需要创建偏移为非0的MSNSLP
CVSS Information
N/A
Vulnerability Type
N/A