Vulnerability Name: CVE-2013-6489 (CCN-90825)

Assigned: 2013-11-04
Published: 2014-01-28
Updated: 2014-03-08
Summary: Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
CVSS v2 Severity:
  5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
  3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): None
      Availability (A): Partial
  6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Medium
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Partial
      Integrity (I): Partial
      Availability (A): Partial
  4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
  3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Medium
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): None
      Availability (A): Partial
Vulnerability Type:
  CWE-189
  CWE-190
  CWE-122
Vulnerability Consequences: Gain Access

References:

Source: MITRE
Type: CNA
CVE-2013-6489

Source: MISC
Type: UNKNOWN
http://hg.pidgin.im/pidgin/main/rev/4c897372b5a4

Source: CCN
Type: RHSA-2014-0139
Moderate: pidgin security update

Source: CCN
Type: SA56693
Pidgin Multiple Vulnerabilities

Source: DEBIAN
Type: UNKNOWN
DSA-2859

Source: CCN
Type: Pidgin Security Advisory 83
Buffer overflow in MXit emoticon parsing

Source: CONFIRM
Type: Vendor Advisory
http://www.pidgin.im/news/security/?id=83

Source: BID
Type: UNKNOWN
65192

Source: CCN
Type: BID-65192
Pidgin 'asn_getUtf8()' Function Buffer Overflow Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-2100-1

Source: XF
Type: UNKNOWN
pidgin-cve20136489-bo(90825)

Source: REDHAT
Type: UNKNOWN
RHSA-2014:0139

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-6489

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:*:*:*:*:*:*:*:* (Version <= 2.10.7)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:pidgin:pidgin:-:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:55975 | P | Security update for java-1_8_0-openjdk (Important) | 2021-11-23
    oval:org.opensuse.security:def:26155 | P | Security update for cairo (Low) | 2021-10-22
    oval:org.opensuse.security:def:20136489 | V | CVE-2013-6489 | 2021-08-15
    oval:org.opensuse.security:def:36402 | P | finch-2.6.6-0.25.2 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:55894 | P | Security update for cups (Important) | 2021-04-30
    oval:org.opensuse.security:def:26027 | P | Security update for glibc (Important) | 2021-04-13
    oval:org.opensuse.security:def:55856 | P | Security update for python-cryptography (Important) | 2021-03-02
    oval:org.opensuse.security:def:55297 | P | Security update for java-1_8_0-openjdk (Moderate) | 2021-02-19
    oval:org.opensuse.security:def:55131 | P | Security update for spice (Important) | 2020-12-16
    oval:org.opensuse.security:def:26669 | P | apache2-mod_perl on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26281 | P | Security update for hexchat (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26910 | P | gstreamer-0_10-plugins-base on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27639 | P | Security update for pixman | 2020-12-01
    oval:org.opensuse.security:def:28662 | P | Security update for finch | 2020-12-01
    oval:org.opensuse.security:def:55025 | P | unixODBC on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26683 | P | dbus-1 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26292 | P | Security update for the Linux Kernel (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26959 | P | libnewt0_52 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27212 | P | librpcsecgss on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27790 | P | Security update for mozilla-nss | 2020-12-01
    oval:org.opensuse.security:def:57251 | P | Security update for Mozilla NSS | 2020-12-01
    oval:org.opensuse.security:def:26236 | P | Security update for libvpx (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26727 | P | kdenetwork4-filesharing on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26356 | P | Security update for chromium (Important) | 2020-12-01
    oval:org.opensuse.security:def:26998 | P | ofed on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27213 | P | librsvg on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27843 | P | Security update for net-snmp (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:57325 | P | Security update for finch | 2020-12-01
    oval:org.opensuse.security:def:26293 | P | Security update for raptor (Important) | 2020-12-01
    oval:org.opensuse.security:def:27365 | P | Xerces-c on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26484 | P | Security update for chromium (Important) | 2020-12-01
    oval:org.opensuse.security:def:27012 | P | perl-HTML-Parser on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27224 | P | libupsclient1 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27892 | P | Security update for samba (Important) | 2020-12-01
    oval:org.opensuse.security:def:54451 | P | dhcp on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:55582 | P | Security update for libgcrypt (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26377 | P | Security update for kauth, kdelibs4 (Important) | 2020-12-01
    oval:org.opensuse.security:def:27400 | P | finch on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26565 | P | hplip on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27056 | P | xdg-utils on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27288 | P | sblim-sfcb on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27931 | P | Security update for GraphicsMagick (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:54452 | P | dia on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:55690 | P | Security update for bind (Important) | 2020-12-01
    oval:org.opensuse.security:def:25951 | P | Security update for pcsc-lite (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26528 | P | bzip2 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26622 | P | openvpn on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27694 | P | Security update for MozillaFirefox | 2020-12-01
    oval:org.opensuse.security:def:27416 | P | gtk2-devel on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27945 | P | Security update for GraphicsMagick (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:54474 | P | gdk-pixbuf-loader-rsvg on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:55782 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:25952 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:26581 | P | libadns1 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26706 | P | ghostscript-fonts-other on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27729 | P | Security update for finch | 2020-12-01
    oval:org.opensuse.security:def:27498 | P | libvorbis-devel on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27989 | P | Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (Important) | 2020-12-01
    oval:org.opensuse.security:def:54614 | P | libthai-data on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25963 | P | Security update for ImageMagick (Important) | 2020-12-01
    oval:org.opensuse.security:def:26630 | P | perl-spamassassin on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26280 | P | Security update for ImageMagick (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26857 | P | PolicyKit on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27555 | P | rubygem-activemodel-3_2 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:28627 | P | Security update for MozillaFirefox (Critical) | 2020-12-01
    oval:org.opensuse.security:def:54852 | P | libcares2 on GA media (Moderate) | 2020-12-01
    oval:org.mitre.oval:def:25166 | P | SUSE-SU-2014:0702-1 -- Security update for finch | 2014-09-08
    oval:org.mitre.oval:def:22203 | P | RHSA-2014:0139: pidgin security update (Moderate) | 2014-07-07
    oval:org.mitre.oval:def:22557 | P | USN-2100-1 -- pidgin vulnerabilities | 2014-06-30
    oval:org.mitre.oval:def:24323 | P | DSA-2859-2 pidgin - security update | 2014-06-23
    oval:org.mitre.oval:def:22474 | P | DSA-2859-1 pidgin - several | 2014-06-23
    oval:org.mitre.oval:def:24167 | P | ELSA-2014:0139: pidgin security update (Moderate) | 2014-05-26
    oval:org.opensuse.security:def:79959 | P | Security update for finch | 2014-05-08
    oval:com.ubuntu.precise:def:20136489000 | V | CVE-2013-6489 on Ubuntu 12.04 LTS (precise) - medium. | 2014-02-06
    oval:com.redhat.rhsa:def:20140139 | P | RHSA-2014:0139: pidgin security update (Moderate) | 2014-02-05