Vulnerability CVE-2013-1769

Vulnerability Name:

CVE-2013-1769 (CCN-82561)

Assigned:

2013-03-04

Published:

2013-03-04

Updated:

2014-01-22

Summary:

A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted message.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-310

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: telepathy-gabble Web Site
telepathy-gabble

Source: MITRE
Type: CNA
CVE-2013-1769

Source: MLIST
Type: Patch
[Telepathy] 20130304 Announce: telepathy-gabble 0.16.5

Source: MLIST
Type: Patch
[Telepathy] 20130304 Announce: telepathy-gabble 0.17.3

Source: SUSE
Type: Patch
openSUSE-SU-2013:0518

Source: SECUNIA
Type: Vendor Advisory
53779

Source: CCN
Type: IBM Security Bulletin 1640763
Rational Host On-Demand clients affected by vulnerabilities in IBM JRE

Source: CCN
Type: BID-58282
Telepathy-Gabble CVE-2013-1769 NULL Pointer Dereference Denial of Service Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-1873-1

Source: CCN
Type: Red Hat Bugzilla Bug 915962
CVE-2013-1769 telepathy-gabble: NULL pointer dereference when trying to hash caps containing pathological data forms

Source: XF
Type: UNKNOWN
telepathygabble-dataforms-dos(82561)

Vulnerable Configuration:

Configuration 1:

cpe:/a:simon_mcvittie:telepathy_gabble:0.16.0:*:*:*:*:*:*:*

OR cpe:/a:simon_mcvittie:telepathy_gabble:0.16.1:*:*:*:*:*:*:*

OR cpe:/a:simon_mcvittie:telepathy_gabble:0.16.2:*:*:*:*:*:*:*

OR cpe:/a:simon_mcvittie:telepathy_gabble:0.16.3:*:*:*:*:*:*:*

OR cpe:/a:simon_mcvittie:telepathy_gabble:0.16.4:*:*:*:*:*:*:*

OR cpe:/a:simon_mcvittie:telepathy_gabble:0.17.0:*:*:*:*:*:*:*

OR cpe:/a:simon_mcvittie:telepathy_gabble:0.17.1:*:*:*:*:*:*:*

OR cpe:/a:simon_mcvittie:telepathy_gabble:0.17.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:26227	P	Security update for the Linux Kernel (Important)	2022-01-13
oval:org.opensuse.security:def:26226	P	Security update for openexr (Important)	2022-01-12
oval:org.opensuse.security:def:26135	P	Security update for hivex (Moderate)	2021-09-23
oval:org.opensuse.security:def:26123	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:26124	P	Security update for openssl-1_1 (Low)	2021-09-09
oval:org.opensuse.security:def:55236	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:20131769	V	CVE-2013-1769	2021-08-15
oval:org.opensuse.security:def:55914	P	Security update for caribou (Important)	2021-06-10
oval:org.opensuse.security:def:36574	P	telepathy-gabble-0.7.10-2.19.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:57190	P	Security update for nghttp2 (Important)	2021-03-24
oval:org.opensuse.security:def:26199	P	Security update for ImageMagick (Moderate)	2021-02-25
oval:org.opensuse.security:def:55833	P	Security update for sudo (Important)	2021-01-27
oval:org.opensuse.security:def:26430	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:26958	P	libnetpbm10 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27163	P	krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27831	P	Security update for lxc	2020-12-01
oval:org.opensuse.security:def:54390	P	telepathy-gabble on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55521	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:26549	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27572	P	telepathy-gabble on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26511	P	Security update for icingaweb2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27002	P	openvpn on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27227	P	libwsman1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27870	P	Security update for python-lxml	2020-12-01
oval:org.opensuse.security:def:54391	P	telepathy-idle on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55629	P	Security update for libpng16 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26700	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26568	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27640	P	Security update for poppler	2020-12-01
oval:org.opensuse.security:def:27355	P	wget-openssl1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27884	P	Security update for rubygem-i18n-0_6	2020-12-01
oval:org.opensuse.security:def:54413	P	yast2-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55721	P	Security update for openssh (Critical)	2020-12-01
oval:org.opensuse.security:def:26753	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26652	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27675	P	Security update for telepathy-gabble	2020-12-01
oval:org.opensuse.security:def:27437	P	libcap-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27928	P	Security update for GraphicsMagick (Important)	2020-12-01
oval:org.opensuse.security:def:54553	P	libgypsy0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55795	P	Security update for perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:26802	P	pcsc-lite on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26803	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27494	P	libtool on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28566	P	Security update for Linux kernel	2020-12-01
oval:org.opensuse.security:def:54791	P	gpgme on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26841	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26856	P	PackageKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27578	P	wireshark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28601	P	Security update for telepathy-gabble	2020-12-01
oval:org.opensuse.security:def:54964	P	mipv6d on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26327	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26855	P	OpenEXR on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26238	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26905	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27151	P	jakarta-commons-httpclient3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27729	P	Security update for finch	2020-12-01
oval:org.opensuse.security:def:55070	P	busybox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26408	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:26899	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26302	P	Security update for python-PyYAML (Moderate)	2020-12-01
oval:org.opensuse.security:def:26944	P	libcgroup1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27152	P	java-1_7_1-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27782	P	Security update for krb5	2020-12-01
oval:org.opensuse.security:def:57264	P	Security update for telepathy-gabble	2020-12-01
oval:org.opensuse.security:def:26465	P	Security update for enigmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:27537	P	popt-devel on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:26044	P	SUSE-SU-2013:0697-1 -- Security update for telepathy-gabble	2014-09-08
oval:org.mitre.oval:def:17003	P	USN-1873-1 -- telepathy-gabble vulnerabilities	2014-06-30
oval:com.ubuntu.precise:def:20131769000	V	CVE-2013-1769 on Ubuntu 12.04 LTS (precise) - low.	2014-01-21
oval:org.opensuse.security:def:79898	P	Security update for telepathy-gabble	2013-03-15

BACK