Vulnerability CVE-2009-3025

Vulnerability Name:

CVE-2009-3025 (CCN-52994)

Assigned:

2009-08-19

Published:

2009-08-19

Updated:

2017-09-19

Summary:

Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.5 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2009-3025

Source: CONFIRM
Type: Patch
http://developer.pidgin.im/wiki/ChangeLog

Source: CCN
Type: oss-security Mailing List,Wed, 19 Aug 2009 10:39:10 -0400
CVE Request pidgin

Source: MLIST
Type: UNKNOWN
[oss-security] 20090819 CVE Request pidgin

Source: CCN
Type: OSVDB ID: 57522
Pidgin Yahoo Messenger Malformed Link Remote DoS

Source: CCN
Type: Pidgin Web site
Pidgin

Source: CCN
Type: BID-36367
Pidgin Yahoo Instant Messenger Protocol Link Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
pidgin-unspecified-dos(52994)

Source: XF
Type: UNKNOWN
pidgin-unspecified-dos(52994)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6167

Source: SUSE
Type: SUSE-SR:2009:020
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:pidgin:libpurple:2.6.0:*:*:*:*:*:*:*

AND

cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20093025	V	CVE-2009-3025	2022-05-20
oval:org.opensuse.security:def:32164	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:29392	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:29356	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:32257	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:32613	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28281	P	Security update for mysql (Important)	2020-12-01
oval:org.opensuse.security:def:31956	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32701	P	libQtWebKit4-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28517	P	Security update for openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27935	P	Security update for GraphicsMagick (Important)	2020-12-01
oval:org.opensuse.security:def:32767	P	pcsc-lite on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28619	P	Security update for xorg-x11-libXrender	2020-12-01
oval:org.opensuse.security:def:32314	P	Security update for rpcbind (Moderate)	2020-12-01
oval:org.opensuse.security:def:28010	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33444	P	Security update for pidgin	2020-12-01
oval:org.opensuse.security:def:28674	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32557	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28224	P	Recommended update for libsndfile (Moderate)	2020-12-01
oval:org.opensuse.security:def:31945	P	Security update for gnutls (Important)	2020-12-01
oval:org.opensuse.security:def:32662	P	findutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28365	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:32030	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27934	P	Security update for GraphicsMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32723	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28570	P	Security update for Samba	2020-12-01
oval:org.opensuse.security:def:27946	P	Security update for GraphicsMagick (Important)	2020-12-01
oval:org.opensuse.security:def:33405	P	Security update for SUSE Manager Client Tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:28658	P	Security update for elfutils	2020-12-01
oval:org.opensuse.security:def:32401	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:28140	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:31944	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:28718	P	Security update for kdebase4-runtime	2020-12-01
oval:org.mitre.oval:def:6167	V	Pidgin 2.6.0 and prior allow to cause a denial of service via Yahoo IM.	2013-09-09

BACK