CVE-2010-2528

Upstream information

CVE-2010-2528 at MITRE

Description

The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.

---

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores

	National Vulnerability Database
Base Score	4
Vector	AV:N/AC:L/Au:S/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Low
Authentication	Single
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

SUSE Bugzilla entry: 630965 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 12 SP1	finch >= 2.10.9-8.1 finch-devel >= 2.10.9-8.1 libpurple >= 2.10.9-8.1 libpurple-devel >= 2.10.9-8.1 libpurple-lang >= 2.10.9-8.1 libpurple-meanwhile >= 2.10.9-8.1 libpurple-tcl >= 2.10.9-8.1 pidgin >= 2.10.9-8.1 pidgin-devel >= 2.10.9-8.1	Patchnames: SUSE Linux Enterprise Desktop 12 SP1 GA finch-2.10.9-8.1 SUSE Linux Enterprise Software Development Kit 12 SP1 GA finch-devel-2.10.9-8.1 SUSE Linux Enterprise Workstation Extension 12 SP1 GA finch-2.10.9-8.1
SUSE Linux Enterprise Desktop 12 SP2	finch >= 2.11.0-12.5 finch-devel >= 2.11.0-12.5 libpurple >= 2.11.0-12.5 libpurple-devel >= 2.11.0-12.5 libpurple-lang >= 2.11.0-12.5 libpurple-meanwhile >= 2.11.0-12.5 libpurple-tcl >= 2.11.0-12.5 pidgin >= 2.11.0-12.5 pidgin-devel >= 2.11.0-12.5	Patchnames: SUSE Linux Enterprise Desktop 12 SP2 GA finch-2.11.0-12.5 SUSE Linux Enterprise Software Development Kit 12 SP2 GA finch-devel-2.11.0-12.5 SUSE Linux Enterprise Workstation Extension 12 SP2 GA finch-2.11.0-12.5
SUSE Linux Enterprise Desktop 12 SP3	finch >= 2.12.0-1.33 finch-devel >= 2.12.0-1.33 libpurple >= 2.12.0-1.33 libpurple-branding-upstream >= 2.12.0-1.33 libpurple-devel >= 2.12.0-1.33 libpurple-lang >= 2.12.0-1.33 libpurple-plugin-sametime >= 2.12.0-1.33 libpurple-tcl >= 2.12.0-1.33 pidgin >= 2.12.0-1.33 pidgin-devel >= 2.12.0-1.33	Patchnames: SUSE Linux Enterprise Desktop 12 SP3 GA finch-2.12.0-1.33 SUSE Linux Enterprise Software Development Kit 12 SP3 GA finch-devel-2.12.0-1.33 SUSE Linux Enterprise Workstation Extension 12 SP3 GA finch-2.12.0-1.33
SUSE Linux Enterprise Desktop 12 SP4	finch >= 2.12.0-3.3.1 finch-devel >= 2.12.0-3.3.1 libpurple >= 2.12.0-3.3.1 libpurple-branding-upstream >= 2.12.0-3.3.1 libpurple-devel >= 2.12.0-3.3.1 libpurple-lang >= 2.12.0-3.3.1 libpurple-plugin-sametime >= 2.12.0-3.3.1 libpurple-tcl >= 2.12.0-3.3.1 pidgin >= 2.12.0-3.3.1 pidgin-devel >= 2.12.0-3.3.1	Patchnames: SUSE Linux Enterprise Desktop 12 SP4 GA finch-2.12.0-3.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4 GA finch-devel-2.12.0-3.3.1 SUSE Linux Enterprise Workstation Extension 12 SP4 GA finch-2.12.0-3.3.1
SUSE Linux Enterprise Desktop 12	finch >= 2.10.9-5.15 finch-devel >= 2.10.9-5.15 libpurple >= 2.10.9-5.15 libpurple-devel >= 2.10.9-5.15 libpurple-lang >= 2.10.9-5.15 libpurple-meanwhile >= 2.10.9-5.15 libpurple-tcl >= 2.10.9-5.15 pidgin >= 2.10.9-5.15 pidgin-devel >= 2.10.9-5.15	Patchnames: SUSE Linux Enterprise Desktop 12 GA finch-2.10.9-5.15 SUSE Linux Enterprise Software Development Kit 12 GA finch-devel-2.10.9-5.15 SUSE Linux Enterprise Workstation Extension 12 GA finch-2.10.9-5.15
SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP1	libpurple >= 2.13.0-3.35 libpurple-branding-upstream >= 2.13.0-3.35 libpurple-devel >= 2.13.0-3.35 libpurple-lang >= 2.13.0-3.35 libpurple-plugin-sametime >= 2.13.0-3.35 pidgin >= 2.13.0-3.35 pidgin-devel >= 2.13.0-3.35	Patchnames: SUSE Linux Enterprise Workstation Extension 15 SP1 GA libpurple-2.13.0-3.35
SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15	libpurple >= 2.13.0-3.35 libpurple-branding-upstream >= 2.13.0-3.35 libpurple-devel >= 2.13.0-3.35 libpurple-lang >= 2.13.0-3.35 libpurple-plugin-sametime >= 2.13.0-3.35 pidgin >= 2.13.0-3.35 pidgin-devel >= 2.13.0-3.35	Patchnames: SUSE Linux Enterprise Workstation Extension 15 GA libpurple-2.13.0-3.35
SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1	finch >= 2.10.9-8.1 finch-devel >= 2.10.9-8.1 libpurple >= 2.10.9-8.1 libpurple-devel >= 2.10.9-8.1 libpurple-lang >= 2.10.9-8.1 libpurple-meanwhile >= 2.10.9-8.1 libpurple-tcl >= 2.10.9-8.1 pidgin >= 2.10.9-8.1 pidgin-devel >= 2.10.9-8.1	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP1 GA finch-devel-2.10.9-8.1 SUSE Linux Enterprise Workstation Extension 12 SP1 GA finch-2.10.9-8.1
SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP2	finch >= 2.11.0-12.5 finch-devel >= 2.11.0-12.5 libpurple >= 2.11.0-12.5 libpurple-devel >= 2.11.0-12.5 libpurple-lang >= 2.11.0-12.5 libpurple-meanwhile >= 2.11.0-12.5 libpurple-tcl >= 2.11.0-12.5 pidgin >= 2.11.0-12.5 pidgin-devel >= 2.11.0-12.5	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP2 GA finch-devel-2.11.0-12.5 SUSE Linux Enterprise Workstation Extension 12 SP2 GA finch-2.11.0-12.5
SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3	finch >= 2.12.0-1.33 finch-devel >= 2.12.0-1.33 libpurple >= 2.12.0-1.33 libpurple-branding-upstream >= 2.12.0-1.33 libpurple-devel >= 2.12.0-1.33 libpurple-lang >= 2.12.0-1.33 libpurple-plugin-sametime >= 2.12.0-1.33 libpurple-tcl >= 2.12.0-1.33 pidgin >= 2.12.0-1.33 pidgin-devel >= 2.12.0-1.33	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP3 GA finch-devel-2.12.0-1.33 SUSE Linux Enterprise Workstation Extension 12 SP3 GA finch-2.12.0-1.33
SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4	finch >= 2.12.0-3.3.1 finch-devel >= 2.12.0-3.3.1 libpurple >= 2.12.0-3.3.1 libpurple-branding-upstream >= 2.12.0-3.3.1 libpurple-devel >= 2.12.0-3.3.1 libpurple-lang >= 2.12.0-3.3.1 libpurple-plugin-sametime >= 2.12.0-3.3.1 libpurple-tcl >= 2.12.0-3.3.1 pidgin >= 2.12.0-3.3.1 pidgin-devel >= 2.12.0-3.3.1	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP4 GA finch-devel-2.12.0-3.3.1 SUSE Linux Enterprise Workstation Extension 12 SP4 GA finch-2.12.0-3.3.1
SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5	finch >= 2.12.0-3.3.1 finch-devel >= 2.12.0-3.3.1 libpurple >= 2.12.0-3.3.1 libpurple-branding-upstream >= 2.12.0-3.3.1 libpurple-devel >= 2.12.0-3.3.1 libpurple-lang >= 2.12.0-3.3.1 libpurple-plugin-sametime >= 2.12.0-3.3.1 libpurple-tcl >= 2.12.0-3.3.1 pidgin >= 2.12.0-3.3.1 pidgin-devel >= 2.12.0-3.3.1	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP5 GA finch-devel-2.12.0-3.3.1 SUSE Linux Enterprise Workstation Extension 12 SP5 GA finch-2.12.0-3.3.1
SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12	finch >= 2.10.9-5.15 finch-devel >= 2.10.9-5.15 libpurple >= 2.10.9-5.15 libpurple-devel >= 2.10.9-5.15 libpurple-lang >= 2.10.9-5.15 libpurple-meanwhile >= 2.10.9-5.15 libpurple-tcl >= 2.10.9-5.15 pidgin >= 2.10.9-5.15 pidgin-devel >= 2.10.9-5.15	Patchnames: SUSE Linux Enterprise Software Development Kit 12 GA finch-devel-2.10.9-5.15 SUSE Linux Enterprise Workstation Extension 12 GA finch-2.10.9-5.15
SUSE Linux Enterprise Software Development Kit 12 SP1	finch-devel >= 2.10.9-8.1 libpurple >= 2.10.9-8.1 libpurple-devel >= 2.10.9-8.1 libpurple-lang >= 2.10.9-8.1 pidgin-devel >= 2.10.9-8.1	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP1 GA finch-devel-2.10.9-8.1
SUSE Linux Enterprise Software Development Kit 12 SP2	finch-devel >= 2.11.0-12.5 libpurple >= 2.11.0-12.5 libpurple-devel >= 2.11.0-12.5 libpurple-lang >= 2.11.0-12.5 pidgin-devel >= 2.11.0-12.5	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP2 GA finch-devel-2.11.0-12.5
SUSE Linux Enterprise Software Development Kit 12 SP3	finch-devel >= 2.12.0-1.33 libpurple >= 2.12.0-1.33 libpurple-devel >= 2.12.0-1.33 libpurple-lang >= 2.12.0-1.33 pidgin-devel >= 2.12.0-1.33	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP3 GA finch-devel-2.12.0-1.33
SUSE Linux Enterprise Software Development Kit 12 SP4	finch-devel >= 2.12.0-3.3.1 libpurple >= 2.12.0-3.3.1 libpurple-devel >= 2.12.0-3.3.1 libpurple-lang >= 2.12.0-3.3.1 pidgin-devel >= 2.12.0-3.3.1	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP4 GA finch-devel-2.12.0-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5	finch-devel >= 2.12.0-3.3.1 libpurple >= 2.12.0-3.3.1 libpurple-devel >= 2.12.0-3.3.1 libpurple-lang >= 2.12.0-3.3.1 pidgin-devel >= 2.12.0-3.3.1	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP5 GA finch-devel-2.12.0-3.3.1
SUSE Linux Enterprise Software Development Kit 12	finch-devel >= 2.10.9-5.15 libpurple >= 2.10.9-5.15 libpurple-devel >= 2.10.9-5.15 libpurple-lang >= 2.10.9-5.15 pidgin-devel >= 2.10.9-5.15	Patchnames: SUSE Linux Enterprise Software Development Kit 12 GA finch-devel-2.10.9-5.15
SUSE Linux Enterprise Workstation Extension 12 SP1	finch >= 2.10.9-8.1 libpurple >= 2.10.9-8.1 libpurple-lang >= 2.10.9-8.1 libpurple-meanwhile >= 2.10.9-8.1 libpurple-tcl >= 2.10.9-8.1 pidgin >= 2.10.9-8.1	Patchnames: SUSE Linux Enterprise Workstation Extension 12 SP1 GA finch-2.10.9-8.1
SUSE Linux Enterprise Workstation Extension 12 SP2	finch >= 2.11.0-12.5 libpurple >= 2.11.0-12.5 libpurple-lang >= 2.11.0-12.5 libpurple-meanwhile >= 2.11.0-12.5 libpurple-tcl >= 2.11.0-12.5 pidgin >= 2.11.0-12.5	Patchnames: SUSE Linux Enterprise Workstation Extension 12 SP2 GA finch-2.11.0-12.5
SUSE Linux Enterprise Workstation Extension 12 SP3	finch >= 2.12.0-1.33 libpurple >= 2.12.0-1.33 libpurple-branding-upstream >= 2.12.0-1.33 libpurple-lang >= 2.12.0-1.33 libpurple-plugin-sametime >= 2.12.0-1.33 libpurple-tcl >= 2.12.0-1.33 pidgin >= 2.12.0-1.33	Patchnames: SUSE Linux Enterprise Workstation Extension 12 SP3 GA finch-2.12.0-1.33
SUSE Linux Enterprise Workstation Extension 12 SP4	finch >= 2.12.0-3.3.1 libpurple >= 2.12.0-3.3.1 libpurple-branding-upstream >= 2.12.0-3.3.1 libpurple-lang >= 2.12.0-3.3.1 libpurple-plugin-sametime >= 2.12.0-3.3.1 libpurple-tcl >= 2.12.0-3.3.1 pidgin >= 2.12.0-3.3.1	Patchnames: SUSE Linux Enterprise Workstation Extension 12 SP4 GA finch-2.12.0-3.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5	finch >= 2.12.0-3.3.1 libpurple >= 2.12.0-3.3.1 libpurple-branding-upstream >= 2.12.0-3.3.1 libpurple-lang >= 2.12.0-3.3.1 libpurple-plugin-sametime >= 2.12.0-3.3.1 libpurple-tcl >= 2.12.0-3.3.1 pidgin >= 2.12.0-3.3.1	Patchnames: SUSE Linux Enterprise Workstation Extension 12 SP5 GA finch-2.12.0-3.3.1
SUSE Linux Enterprise Workstation Extension 12	finch >= 2.10.9-5.15 libpurple >= 2.10.9-5.15 libpurple-lang >= 2.10.9-5.15 libpurple-meanwhile >= 2.10.9-5.15 libpurple-tcl >= 2.10.9-5.15 pidgin >= 2.10.9-5.15	Patchnames: SUSE Linux Enterprise Workstation Extension 12 GA finch-2.10.9-5.15
openSUSE Leap 15.0	libpurple >= 2.13.0-lp150.3.1 libpurple-lang >= 2.13.0-lp150.3.1 libpurple-tcl >= 2.13.0-lp150.3.1 pidgin >= 2.13.0-lp150.3.1	Patchnames: openSUSE Leap 15.0 GA libpurple-2.13.0-lp150.3.1
openSUSE Tumbleweed	finch >= 2.11.0-4.1 finch-devel >= 2.11.0-4.1 libpurple >= 2.11.0-4.1 libpurple-branding-upstream >= 2.11.0-4.1 libpurple-devel >= 2.11.0-4.1 libpurple-lang >= 2.11.0-4.1 libpurple-plugin-sametime >= 2.11.0-4.1 libpurple-tcl >= 2.11.0-4.1 pidgin >= 2.11.0-4.1 pidgin-devel >= 2.11.0-4.1	Patchnames: openSUSE-Tumbleweed-2024-10432

---

SUSE Timeline for this CVE

CVE page created: Tue Jul 9 17:22:52 2013
CVE page last modified: Sat Jun 15 21:17:13 2024